On Apr 19, 2012 6:36 AM, "jballanc (Joshua Ballanco)" <jballanc / gmail.com>
wrote:
>
>
> Issue #5455 has been updated by jballanc (Joshua Ballanco).
>
>
> I just wanted to chime in here and suggest that, in the process of adding
> security restrictions, it might be worth considering the Sandbox
> implemented in MacRuby and Aaron's playpen library (
> https://github.com/tenderlove/playpen), both of which are built on the
> OS-level security framework. I wonder if SAFE might better be replaced by
> something like this (built on OS specific security frameworks)?

A problem that I see with this approach is that it would be hard to support
this consistently across a variety of platforms. I think a more consistent
approach would be to define an independent, abstract interface like Charles
suggested. Then the individual implementations could very well use
OS-specific helpers to realize the spec, while JRuby is still free to
piggyback on Java's built-in features. Personally, I believe these kinds of
abstraction layers help a lot to keep consistency and encourage a more
testable, cleaner overall design.

-Martin