In this question's answers someone can find many sites (like ideone) allowing a user to write and run programs online. I'm interested in making something similar (only for Java code though) and was wondering on how can this be done.
A simple idea would be take user's given code, send it to server, compile it, run it and then send back the output to the user. But what if the user has malicious code like deleting my server files, etc.? If I wanted to create the same thing for the C programming language, I guess I could just get the assembly code of the C file, see what system calls are being used and decide whether the given code is malicious or not. Based on the previous idea, should I look in Java, the program's created bytecode? Is there any better/easier way to do it?
Don't reinvent the wheel, Java has the SecurityManager mechanism to restrict potentially malicious code
Reference