You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@netbeans.apache.org by GitBox <gi...@apache.org> on 2019/05/29 18:32:39 UTC
[GitHub] [netbeans] matthiasblaesing commented on issue #1092: Using
Graal.js 19.0.0 in platform/core.network
matthiasblaesing commented on issue #1092: Using Graal.js 19.0.0 in platform/core.network
URL: https://github.com/apache/netbeans/pull/1092#issuecomment-497057267
I had a very short look at graal.js and it looked much better than Nashorn. At least it brought over the message, that someone cared about security and put thought into it.
I have some doubts, that the Scripting API module is helpful though. It implies that it can do things it won't be able to do. `allowAllAccess` will only work for Graal.js and nashorn engines. If other engines are used, the user will have a false sense of security, that is not in place. I see, that the ClassLoader magic is helpful here, but is that enough to make it worth it? The Java Scripting API feels ok for trusted scripts, but introduces some doubts when fine grained control over the engine is required.
I'm ok with merging this, but it was only a quick look (I explained on private@ why I won't go deeper).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@netbeans.apache.org
For additional commands, e-mail: notifications-help@netbeans.apache.org
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists