From: "Martin Boßlet"
Date: 2012-04-20T00:29:12+09:00
Subject: [ruby-core:44454] Re: [ruby-trunk - Feature #5455] $SAFE should be removed

On Apr 19, 2012 6:36 AM, "jballanc (Joshua Ballanco)" wrote:
>
> Issue #5455 has been updated by jballanc (Joshua Ballanco).
>
> I just wanted to chime in here and suggest that, in the process of adding security restrictions, it might be worth considering the Sandbox implemented in MacRuby and Aaron's playpen library (https://github.com/tenderlove/playpen), both of which are built on the OS-level security framework. I wonder if SAFE might better be replaced by something like this (built on OS specific security frameworks)?

A problem that I see with this approach is that it would be hard to support this consistently across a variety of platforms. I think a more consistent approach would be to define an independent, abstract interface like Charles suggested. Then the individual implementations could very well use OS-specific helpers to realize the spec, while JRuby is still free to piggyback on Java's built-in features. Personally, I believe these kinds of abstraction layers help a lot to keep consistence and encourage a more testable, cleaner overall design.

-Martin

