Protecting SSJS from Unverified Code

Question

Protecting SSJS from Unverified Code

I want to use node.js (or another SSJS solution) by running my own code + external written code inside (untrusted).

Any way to separate and protect your own code? Can I limit the modules and the system effect of untrusted code (restrict access to files, not HTTP ports, etc.)?

+5

javascript security

Adam Jul 22 '10 at 20:08

source share

3 answers

mattbasta · Answer 1 · 2010-07-23T00:15:20+0000

You can check out this project seems very promising:

http://github.com/gf3/node-sandbox

Personally, I do not use Node to perform arbitrary SSJS execution. You probably won't like this solution, but it worked perfectly for me for a year:

Perl API Spidermonkey (Spidermonkey - JS Firefox) . CGI. , (, Perl... blech) , . , . DOM.

, ( ), , , REST API . HMAC, . Perl script , script (script POST). Perl script . , - 10 .

, !

Dan Beam · Answer 2 · 2010-11-13T09:09:29+0000

node.js

script.runInNewContext([])
Script.runInNewContext( capital 'S'), Script. Script.runInNewContext Script . . .

http://nodejs.org/api.html#script-runinnewcontext-105

Mike stay · Answer 3 · 2010-11-09T21:37:57+0000

Take a look at Caja . It translates third-party code into a form in which the code has only access to objects that you explicitly provide.

Protecting SSJS from Unverified Code

More articles: