[kepler-dev] actor whitelist/blacklist

Paul Allen pea1 at cornell.edu
Fri Aug 29 05:29:26 PDT 2008


I'm wondering if anybody has come up with a black list of actors that 
represent major security issues when running on remote systems? E.g., 
the command line actor represents a major security issue. Likewise I'd 
guess that the R actor is a security threat since I suspect that there 
is also an R function that gives access to the command line.

Conversely, maybe someone has come up with an actor white list that 
represent safe actors?

Or am I taking the wrong approach when thinking about this? Maybe the 
way to do things is using Java security policies?

Thanks,
-Paul






More information about the Kepler-dev mailing list