contents   index   previous   next

Writing a Security Manager


Whenever you wish to interpret a script, via the API using jseInterpret() or in a script using SElib.interpret(), you can attach a security manager to the child script that you are running. As long as that child script calls other functions only within that script, it is allowed to do so. If it tries to call an insecure function, your security gets called. Obviously, insecure wrapper functions are always checked.


In the case of a script using SElib.interpret() to interpret a child script, that child may be able to try to call functions in the parent. Since the security you added only applies to the child script, the functions in your original script are also considered insecure to the child. The child must get permission to call them exactly like it would need to get permission to call an insecure wrapper function directly.


You can think of your security manager as a big wall with a heavily guarded door. As long as the script stays on its side of the wall, it is fine. The parent script and all wrapper functions are on the other side of the wall. If the child script wants to get access to them, it must convince the guards to let it through.


Let's look at the pieces that make up these security guards.