GreyDRAFT
ID: IEP-38
Author:
Sponsor:
Created: 16.10.2019
Status: ACTIVE


Motivation

...

The main unit of the Ignite Sandbox is the IgniteSandbox interface, accessed through IgniteSecurity.
The users of this interface are components that can run user-defined code. To run user-defined code with restrictions,
they have to pass it to the IgniteSandbox.execute method.

There are a few conditions to run user-defined code with restrictions:

  • installed GridSecurityProcessor;
  • GridSecurityProcessor#sandboxEnabled == true;
  • installed SecurityManager.
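
Why the installed SecurityManager is a precondition can be seen in a plain-JDK sketch, added here as an example; it is not Ignite code, and this page does not describe how IgniteSandbox.execute is implemented. The names SandboxSketch and execute are hypothetical, and the sketch assumes a JDK on which a SecurityManager can still be installed at run time (Java 8 to 17).

```java
import java.security.*;
import java.util.PropertyPermission;
import java.util.concurrent.Callable;

public class SandboxSketch {
    /** Hypothetical stand-in for a sandbox's execute: runs call with only perms. */
    static <T> T execute(Callable<T> call, PermissionCollection perms) throws Exception {
        // Without a SecurityManager no permission check ever happens, so the
        // code would run unrestricted; refuse instead of pretending to restrict it.
        if (System.getSecurityManager() == null)
            throw new IllegalStateException("SecurityManager is not installed");
        // A domain built with this constructor has static permissions:
        // the installed Policy is not consulted for it.
        ProtectionDomain pd = new ProtectionDomain(null, perms);
        AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {pd});
        try {
            // Effective permissions are the intersection of the caller's and acc's.
            return AccessController.doPrivileged((PrivilegedExceptionAction<T>) call::call, acc);
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap checked exceptions thrown by the user code
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed setup: the host application itself is fully trusted.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        // Constructed sample of user-defined code.
        Callable<String> userCode = () -> System.getProperty("user.home");

        Permissions granted = new Permissions();
        granted.add(new PropertyPermission("user.home", "read"));
        System.out.println("granted: " + execute(userCode, granted));

        try {
            execute(userCode, new Permissions()); // same code, no permissions at all
        } catch (AccessControlException e) {
            System.out.println("denied: " + e.getPermission());
        }
    }
}
```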

...

  1. Restrict the access of user-defined code to the internal API of Ignite:
    a. Restrict internal package access;
    b. Encapsulation of IgniteKernal.
  2. Execute user-defined code in the Ignite Sandbox for the following features:
    a. Continuous Queries;
    b. IgniteMessaging;
    c. ServiceGridIgniteEvents.

Risks and Assumptions

Existing implementations of the interfaces Runnable, IgniteRunnable,
Callable, IgniteCallable, ComputeTask, ComputeJob, IgniteClosure, IgniteBiClosure, IgniteDataStreamer, IgnitePredicate, and
IgniteBiPredicate cannot cast the instance of Ignite to IgniteEx or IgniteKernal if the sandbox is enabled.

Discussion Links

http://apache-ignite-developers.2346864.n4.nabble.com/Review-needed-for-IGNITE-11410-Sandbox-for-user-defined-code-td43955.html

...