clojure

How can I sandbox Clojure?


I am writing an application which allow users of my application to extend it using Clojure. The Clojure is entered via a web page in the application and "evaled" to run. My question is how can I sandbox this code entered by the users so that it does not corrupt anything or call System.exit or anything like that?


Solution

  • You should be able to constrain access to code by configuring JDK level permissions. Have a look at the RuntimePermission settings, there's for example a direct setting to inhibit halting the JVM (e.g. System.exit).