Hello #C02B3PECK6E! I was redirected to your channel because my problem involves sandboxing Kotlin script code that can be edited by a web interface for security reasons. Basically the same problem that Kotlin Playground faces. Now, in the kotlin-compiler-server the sandboxing is done using Java's

SecurityManager

, but this component has been deprecated and will be discontinued. What are your plans, what are the tools you are going to use in the future to protect your system from untrusted code being sent to the compiler server? Thanks!

Hi Olaf! My previous answer still stands—we haven't decided on an alternative to the

SecurityManager

yet. We're aware of the issue, but we don't have a specific plan at this time. Sorry I couldn't be more helpful.

Thanks @Nikolay Pachkov... this is (kind-of) bad news... 😞 It is so devastating to come to this point, knowing things are not like you would envision them. My problem is: I cannot really go the external program call way because I would not be able to send in and get out the payload the function I would like to execute needs to process. So I was desperately hoping to find future proof solutions on Jetbrains side... I created an inner DSL using Kotlin scripts, but now I realize that if you let people edit their code which is supposed to do data transformation and are NOT able to sandbox the code they enter, they can basically do anything on the cloud server their code is executed on. Which is of course not feasible. So I am searching for a way to actually sandbox this piece of code in process... apparently this is impossible on the JVM. 😞 I restricted the compilation classpath to ONLY include necessary components, but since all of the File/Network related things are in the standard library, I cannot make it invisible/unreachable. I also just now realized that going for Kotlin scripts was somehow unnecessary as the solution here is NOT using Kotlin scripts at all, it is just compiling "ordinary" main functions and execute them... How can I send in a Kotlin script instead? Something without a main function where only the last expression's value counts? Or should I wrap the user code in a function that they don't see and return the last expression?