# scripting

Matthieu Stombellini

09/06/2023, 4:13 PM
Hey everyone, I wanted to check if there were further developements on this question from a few years ago: I have basically the same question, where I want my DSL-specific KTS files to only have access to the DSL API and not have access to things like Java IO, network, etc. I suppose I'd have to disable the stdlib for this (since the stdlib provides a few IO-related functions that may be abused). I fully understand that this would be a fairly "weak" protection (the users sending KTS files would be trusted users, the idea here would be to reduce the impact of a rogue user sending a malicious KTS file), but I'm wondering how doable this is. Are the instructions in this thread still relevant, or are there new developments in this area? Thanks in advance!


09/07/2023, 11:50 AM
Probably no developments. You'd still need to rely on SecurityManager (deprecated but working) or kernel sandboxing or both. GraalVM is developing a new sandbox that could be useful but it's not activated for bytecode languages yet.
👌 1