Posted to bsf-user@jakarta.apache.org by Chris Brown <br...@reflexe.fr> on 2002/12/30 09:25:44 UTC

Suggestions for improving BSF (various comments)

Hi

I'm having a little difficulty fully understanding BSF.  In particular, it'd
be great if the authors could find a moment to add a bit of extra
documentation to the BSFManager class in particular, as for example with the
method "exec", it's very unclear as to what the "Object script" parameter is
(a String? a CodeBuffer? something else..?!)

Another comment about BSFManager... there's a lot of methods that have
important implications for security and integrity in there.  Things like
"terminate"...  If the "bsf" variable made available to scripts makes these
methods available, that could wreak havoc in certain situations, in which
I'd like to provide scripts with a controlled "sandbox".  Maybe it'd be
better to have a sort of wrapper class (instead of BSFManager) that provides
"lookupBean" and a few other methods, without the "risky" ones.

Hope this is of some use!
Chris
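
The wrapper idea from the message above, as an added example that is not part of the original thread or of the BSF code base. `ScriptContext` is a hypothetical facade that exposes only an allowlisted `lookupBean`; `Manager` is a constructed stand-in for BSFManager with just the two methods the message names, and the bean names and values are constructed sample data.

```java
import java.util.Arrays;
import java.util.Map;
import java.util.Set;

public class FacadeDemo {
    public static void main(String[] args) {
        // Constructed sample beans: one meant for scripts, one not.
        Manager mgr = new Manager(Map.of("greeting", "hello", "dbPassword", "constructed-secret"));
        ScriptContext ctx = new ScriptContext(mgr, Set.of("greeting"));

        System.out.println(ctx.lookupBean("greeting"));
        try {
            ctx.lookupBean("dbPassword");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        // The facade's public surface carries no terminate() at all.
        boolean exposesTerminate = Arrays.stream(ScriptContext.class.getMethods())
                .anyMatch(m -> m.getName().equals("terminate"));
        System.out.println("terminate reachable: " + exposesTerminate);
    }
}

// Stand-in for BSFManager (assumption): only the methods named in the message.
class Manager {
    private final Map<String, Object> beans;
    private boolean terminated;
    Manager(Map<String, Object> beans) { this.beans = beans; }
    Object lookupBean(String name) { return beans.get(name); }
    void terminate() { terminated = true; }
    boolean isTerminated() { return terminated; }
}

// Hypothetical facade handed to scripts in place of the manager itself.
final class ScriptContext {
    private final Manager delegate;      // never returned by any method
    private final Set<String> allowed;   // bean names scripts may look up

    ScriptContext(Manager delegate, Set<String> allowed) {
        this.delegate = delegate;
        this.allowed = Set.copyOf(allowed);
    }

    public Object lookupBean(String name) {
        if (!allowed.contains(name)) {
            throw new SecurityException("bean not exposed to scripts: " + name);
        }
        return delegate.lookupBean(name);
    }
    // Deliberately no terminate(), engine loading or bean registration.
}
```

A facade narrows only the methods reachable through the reference it replaces; a script language that gives scripts Java reflection or direct class access needs engine-level restrictions as well.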



Re: Suggestions for improving BSF (various comments)

Posted by "Victor J. Orlikowski" <vj...@dulug.duke.edu>.
On Mon, Dec 30, 2002 at 09:25:44AM +0100, Chris Brown wrote:
> I'm having a little difficulty fully understanding BSF.  In particular, it'd
> be great if the authors could find a moment to add a bit of extra
> documentation to the BSFManager class in particular, as for example with the
> method "exec", it's very unclear as to what the "Object script" parameter is
> (a String? a CodeBuffer? something else..?!)
> 
Very sorry for the *very* late reply. 
The docs situation is something that will be worked upon soon. 

> Another comment about BSFManager... there's a lot of methods that have
> important implications for security and integrity in there.  Things like
> "terminate"...  If the "bsf" variable made available to scripts makes these
> methods available, that could wreak havoc in certain situations, in which
> I'd like to provide scripts with a controlled "sandbox".  Maybe it'd be
> better to have a sort of wrapper class (instead of BSFManager) that provides
> "lookupBean" and a few other methods, without the "risky" ones.
> 
> Hope this is of some use!
> 
Indeed. Thanks for the suggestion.

Victor
-- 
Victor J. Orlikowski   | The Wall is Down, But the Threat Remains!
==================================================================
orlikowski@apache.org  | vjo@dulug.duke.edu | vjo@us.ibm.com