1 Reply Latest reply on Mar 11, 2005 3:30 PM by starksm64

Preventing Execution of Malicious Java Code inside the conta

arokde Mar 11, 2005 10:35 AM

Hi All
I know this forum will not be appropriate one for this kind of question but still i will be really interested how jboss handles this kind of thing.

We have product which is runing inside a servlet container (tomcat/jetty).This product allows the user to attach external java code which defines application logic.

This java class runs inside same jvm as our server is running.What i would like to prevent is execution of any malicious code ( ex infinite loop) which would bring entire sever down.
First is it possible to prevent this kind of thing .If so what will be design strategy for this
Thanks a lot
Amey

1. Re: Preventing Execution of Malicious Java Code inside the c

starksm64 Mar 11, 2005 3:30 PM (in response to arokde)

You can only enforce that which can be validated using a security manager and permission check. Java does not have sufficient notion of thread resources or permission checks that would allow you to stop a thread that exceeds some cpu usage or memory usage threshold.
Actions