Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>Obviously such a scheme raises all sorts of security concerns. Java has a rigorous security framework, but it isn't trivial. The possibility of screwing it up and letting an unprivileged user access vital system components shouldn't be overlooked.</p> <p>That warning aside, if you're taking user input in the form of source code, the first thing you need to do is compile it to Java bytecode. AFIAK, this cannot be done natively, so you'll need to make a system call to javac, and compile the source code to bytecode on disk. <a href="http://www.devdaily.com/java/edu/pj/pj010016/pj010016.shtml" rel="noreferrer">Here's</a> a tutorial that can be used as a starting point for this. <strong>Edit</strong>: as I learned in the comments, you actually can compile Java code from source natively using <a href="http://java.sun.com/javase/6/docs/api/javax/tools/JavaCompiler.html" rel="noreferrer">javax.tools.JavaCompiler</a></p> <p>Once you have JVM bytecode, you can load it into the JVM using a <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/lang/ClassLoader.html" rel="noreferrer">ClassLoader's</a> <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/lang/ClassLoader.html#defineClass(java.lang.String,%20byte[],%20int,%20int,%20java.security.ProtectionDomain)" rel="noreferrer">defineClass</a> function. To set a security context for this loaded class you will need to specify a <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/ProtectionDomain.html" rel="noreferrer">ProtectionDomain</a>. The minimal constructor for a <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/ProtectionDomain.html" rel="noreferrer">ProtectionDomain</a> requires both a CodeSource and a <a href="http://java.sun.com/j2se/1.4.2/docs/api/java/security/PermissionCollection.html" rel="noreferrer">PermissionCollection</a>. The PermissionCollection is the object of primary use to you here- you can use it to specify the exact permissions the loaded class has. These permissions should be ultimately enforced by the JVM's <a href="http://java.sun.com/javase/6/docs/api/java/security/AccessController.html" rel="noreferrer">AccessController</a>.</p> <p>There's a lot of possible points of error here, and you should be extremely careful to completely understand everything before you implement anything.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload