Hi Charlie,

I have no real experience with JRuby, although at a glance it might be 
a closer fit with respect to securing running plugins. I might be stuck 
in this regard though as a good chunk of the app is already written, and 
C++-based. The cost of moving across might prove to be too high in my 
particular case, but at the very least it gives me something to explore 
and think about. Thank you for sharing - this is probably not an area I 
would have thought to investigate on my own. :)

Garth

On 19/12/11 12:16, Charles Oliver Nutter wrote:
> On Sun, Dec 18, 2011 at 2:16 AM, Garthy D
> <garthy_lmkltybr / entropicsoftware.com>  wrote:
>>
>> Hi all,
>>
>> I am working on an embedded Ruby application that may support user-written
>> Ruby plugins in the future, and I am trying to get a rough idea as to what
>> is and isn't possible, as it will affect the design I go with. Basically, if
>> you've worked on such a thing before, please share your experiences. :)
>
> There are a number of folks using JRuby for this, most notably the
> "Rails for Zombies" online course, which runs JRuby in a sandboxed
> environment and allows students to run their code directly on the
> server.
>
> I am not a fan of $SAFE at all. I don't trust it, and I don't think
> anyone else should either. The JVM's security model is far more
> robust, and works well to secure a JRuby instance. There are many
> examples of secure JVM-based services running major sites, such as all
> of the apps deployed to Google AppEngine for Java. I know of no example of
> anyone running $SAFE mode in Ruby in a real-world setting.
>
> I'm also looking to make JRuby's integration with the JVM security
> model more robust in JRuby 1.7. At the very least, I'd like to have
> equivalent built-in modes similar to SAFE levels that use JVM security
> policies to enforce restrictions. Beyond that, I would like a full
> complement of JVM permissions for Ruby-specific features like
> evaluating code, reopening classes, and so on. You'll be able to
> choose a pre-packaged SAFE-like policy, or roll your own.
>
> I'd love to see Ruby adopt a real security model. Until then, I'll
> keep trying to make JRuby utilize the JVM's model better.
>
> - Charlie
>