Let's say I have an existing application written in Java to which I want to add scripting support. This is pretty trivial with Groovy (and just as trivial in .Net with any range of Iron dynamic languages).
As trivial as adding support, there are a number of questions about the execution and security of the script - and how to implement this security.
Does anyone come across interesting articles / articles or have any idea about this that they would like to share? In particular, I would be very interested in architectural things, such as execution contexts, script authentication, script signatures and things along these lines ... you know, something like that prevents users from running arbitrary scripts that they just encountered which managed to damage all their applications, while allowing scripts to be useful and flexible.
Quick edit
I mentioned signing and authentication as different objects, because I see them as different aspects of security.
For example, as an application developer / provider, I am distributing a signed script. This script legitimately "destroys data" by design. Such as character, they should only be run by administrators, and therefore the vast majority of user / system processes should not run it. In this case, it seems to me that some kind of security / authentication context is required based on the actions that the script performs and who works with this script.
source
share