sandbox

The site that connect sandbox paypal works , until recently it can connect will curl but when it send the request at the second time it show the error of error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure I have tried some reference online and set the SSL SHA-256 cert of it but it return same error. Other suggest switch to TLS at the curl connection but it may not perfered as there are many project I have handled. Are there any suggestion to connect sandbox paypal with SSLv3? Thanks for helping. You'll have to switch the cURL request to use TLS 1.2 in order to use

I'm writing a JavaFX2 application that accepts arbitrary code to be loaded from remote locations. For me using a custom SecurityManager, ClassLoader and ProtectionDomain was the way to go. Unfortunately this seems to be the same setup that's used to sandbox applets, which has caused a lot of security exploits and that in turn has persuaded people to fear Java Web Plugin and removing it from their OS entirely. Is Java sandbox a secure environment to run untrusted code onto, or is it just the Java Web Plugin as a whole to be insecure? The security manager provides your app. with exactly as much

I have an untrusted code submitted by a user, and I need to execute it in a sandboxed environment in a browser. I was advised that Web-Workers cannot be secure enough for that, and that a sandbxed iframe should better be used. This page: https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Web_Workers also says workers are not suitable for untrusted code. But if I create a worker from a Blob, its url even has a different protocol ( blob:// ). Is separate origin policy applied to the worker code in this case? If there are additional reasons, why a worker is (by default) less restricted

I use QLPreviewView to show the quicklook preview in the app. Without sandbox, this works well, but once change the app to sandbox, the preview can not show up. I found the error in Console: QuickLookUIHelpe(20786) deny file-read-data XXX. I have used the security-scoped bookmarks & com.apple.security.files.user-selected.read-write to grant access the user home dir, then: [allowedURL startAccessingSecurityScopedResource]; self.myPreiviewItem.myURL = fileURL; self.myQLPreviewView.previewItem = self.myPreiviewItem; [self.myQLPreviewView refreshPreviewItem]; [allowedURL

I'd like to implement a sandbox by ptrace() ing a process I start and all its children would create (including grandchildren etc.). The ptrace() parent process, i.e. the supervisor. would be a simple C or Python program, and conceptually it would limit filesystem access (based on the path name and the access direction (read or write) and socket access (e.g. disallowing socket creation). What should I pay attention to so that the ptrace() d process and its children (recursively) won't be able to bypass the sandbox? Is there anything special the supervisor should do at fork() time to avoid race

Implementing a 'sandbox' environment in Python used to be done with the rexec module ( http://docs.python.org/library/rexec.html ). Unfortunately, it has been deprecated/removed due to some security vulnerabilities. Is there an alternative? My goal is to have Python code execute semi-trusted Python scripts. In a perfect world, calls to any functions outside of a pre-defined set would raise exceptions. From what I've read about rexec's deprecation, this may not be possible. So I'll settle for as much as I can get. I can spawn a separate process to run the scripts, which helps a lot. But they

The scenario The user right-clicks a directory in Finder and finds a custom MenuItem. Clicking that Item will tell my app to open up a window where the user can do his work. When he is finished files need to be written to to the folder he selected by right-clicking. The Problem I got everything to work now, but the very last part. The extension can't write to the selected folder. The user selecting the folder he wants to interact with seems to not be part of the Powerbox which - how I understand it - is only activated with openPanel and savePanel . How do I get the rights to interact with the