Hopbot log for 2008-08-17 - Helma IRC channel: #helma on irc.freenode.net
2008-08-17:
[9:51] <decke> i am wondering how do you guys monitor your services (helma, db, reachability, processes etc.) ?[14:40] <hzin> Hi, is it possible to prevent a .js in user app to have access to java packages? eg. org.mortbay.jetty.Server
[14:41] <hzin> btw, I'm talking about Helma NG
[14:52] <zumbrunn> I haven't experimented with this in ng
[14:52] <zumbrunn> maybe there would be a way of setting class shutters for the rhino context of the current app
[14:53] <zumbrunn> inside a js file you could create a new rhino context with the appropriate class shutters and run a script in that context
[14:53] <zumbrunn> but that is not the same as limiting access for the .js file itself, of course
[14:53] <hzin> what I want is to only let .js in modules to have access to those java packages, but prevent user app from accessing them
[14:54] <zumbrunn> this would be a cool feature, I agree
[14:55] <hzin> is this feature available in Helma 1.x?
[14:55] <zumbrunn> being able to specify the module paths which have access and the module paths which do not
[14:56] <zumbrunn> regarding helma 1.x... not the class shutter stuff directly
[14:56] <zumbrunn> but you have app.invoke
[14:56] <zumbrunn> and app.invokeAsync
[14:56] <zumbrunn> which make the creation/handling of separate rhino contexts a bit easier
[14:57] <zumbrunn> but you would still have to apply the class shutters there
[14:57] <zumbrunn> like I said, I haven't explored this in ng
[14:58] <hzin> ok
[14:58] <zumbrunn> in ng this might be easier to do because of the way each js file already gets its own scope
[14:59] <zumbrunn> it's an interesting topic and I would like to have that kind of functionality as well
[15:02] <hzin> yep, I'm exploring the possibility to run untrusted .js code in a sandboxed environment