
How does Google App Engine sandbox work?

What would I have to do to create my own such sandbox (to safely allow my clients to run their apps on my engine without giving them the ability to format my disk drive)? Is it just class loader magic, byte manipulation or something?

You would probably need a combination of a restrictive classloader and a thorough understanding of the Java Security Architecture. You would probably run your JVM with a very strict SecurityManager specified.

In the Java case, I think it's mostly done by restricting the available libraries. Since Java doesn't have a pointer concept, and you can't upload natively compiled code (only JVM bytecode), you can't break out of the sandbox. Add some tight process scheduling, and you're done!

I guess the hardest part is to pick the libraries, to make it useful while staying safe.

In the Python case, they had to modify the VM itself, because it wasn't designed with safety in mind. Fortunately, they have Guido himself to do it.

"to safely allow my clients to run their apps on my engine without giving them the ability to format my disk drive"

This can be easily achieved using the Java Security Manager. Refer to this answer for an example.
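
The SecurityManager approach the answers describe, as an added example that is not part of the original question or answers. It uses the stock `SecurityManager` with a restricted `AccessControlContext`; the class name `SandboxDemo`, the method `runRestricted` and the temporary file are hypothetical. It assumes Java 8 to 17: Java 18 to 23 need `-Djava.security.manager=allow`, and JDK 24 and later no longer support the Security Manager.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.*;
import java.security.cert.Certificate;

// Added example (hypothetical class and method names). Targets Java 8-17;
// Java 18-23 need -Djava.security.manager=allow, and JDK 24+ no longer support it.
public class SandboxDemo {

    // Runs task with at most the permissions in 'allowed', whatever the host itself may do.
    static String runRestricted(PrivilegedExceptionAction<String> task, Permissions allowed) {
        // A two-argument ProtectionDomain is static: the Policy is never asked to widen it.
        ProtectionDomain pd =
                new ProtectionDomain(new CodeSource(null, (Certificate[]) null), allowed);
        AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { pd });
        try {
            return AccessController.doPrivileged(task, ctx);
        } catch (SecurityException e) {            // AccessControlException from the manager
            return "DENIED " + e.getMessage();
        } catch (PrivilegedActionException e) {    // checked exception thrown by the task
            return "FAILED " + e.getCause();
        }
    }

    public static void main(String[] args) throws Exception {
        // Host classes stay fully trusted; only the restricted context above is limited.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager());

        File scratch = File.createTempFile("sandbox", ".txt");   // constructed sample file
        Permissions allowed = new Permissions();
        allowed.add(new FilePermission(scratch.getPath(), "read"));

        // These lambdas stand in for client code. Real client classes must come from their
        // own class loader and CodeSource so that their own domain is restricted as well.
        System.out.println(runRestricted(() -> String.valueOf(scratch.canRead()), allowed));
        System.out.println(runRestricted(() -> String.valueOf(scratch.delete()), allowed));
        System.out.println(runRestricted(
                () -> String.valueOf(Runtime.getRuntime().exec("true").waitFor()), allowed));
        System.out.println("host delete: " + scratch.delete());
    }
}
```

The read succeeds, the delete and the process launch are refused with an `AccessControlException`, and the same delete succeeds once control is back in host code.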
