sandbox

I would like to have the ability to let users submit arbitrary JavaScript code, which is then sent to a Node.JS server and safely executed before the output is sent back to multiple clients (as JSON). The eval function comes to mind, but I know this has multiple security concerns (the user submitted code would be able to access Node's File API, etc). I have seen some projects like Microsoft Web Sandbox and Google Caja which allow execution of sanitized markup and script (for embedding third-party ads on websites), but it seems that these are client-side tools and I'm not sure if they can be

I am looking for a simple and secure way to access plugins from a .NET application. Although I imagine that this is a very common requirement, I am struggling to find anything that meets all my needs: The host application will discover and load its plugin assemblies at runtime Plugins will be created by unknown 3rd parties, so they must be sandboxed to prevent them from executing malicious code A common interop assembly will contain types that are referenced by both the host and its plugins Each plugin assembly will contain one or more classes that implement a common plugin interface When

I need to call some semi-trustworthy Java code and want to disable the ability to use reflection for the duration of that code's execution. try{ // disable reflection somehow someObject.method(); } finally{ // enable reflection again } Can this be done with a SecurityManager, and if so, how? Clarification/Context: This is a follow-up to another question about restricting the packages that can be called from JavaScript/Rhino. The accepted answer references a blog entry on how to do that, and it requires two steps, the first one using a Rhino API (ClassShutter), the second one turning off

I’m using the Instagram API in sandbox mode. I’m trying to access a User’s liked posts from the Instagram API using their authenticated access token. This user is one of the accepted sandbox users for my app, and has liked some posts. If I call other endpoints with the same token, I get some data, but accessing /users/self/media/liked returns empty data. I’m using this URL: https://api.instagram.com/v1/users/self/media/liked?access_token={verified access token} and this is the result I’m receiving: {"pagination": {}, "meta": {"code": 200}, "data": []} Because it has a 200 return code, the

I'd like to build a C pre-processor / compiler that allows functions to be collected from local and online sources. ie: #fetch MP3FileBuilder http://scripts.com/MP3Builder.gz #fetch IpodDeviceReader http://apple.com/modules/MP3Builder.gz void mymodule_main() { MP3FileBuilder(&some_data); } That's the easy part. The hard part is I need a reliable way to "sandbox" the imported code from direct or unrestricted access to disk or system resources (including memory allocation and the stack) . I want a way to safely run small snippets of untrusted C code (modules) without the overhead of putting them