[IGNITE-11410] Sandbox for user-defined code - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.9
Component/s: None
Labels:
- iep-38
- important

Release Note:
- Implemented functionality to run user-defined code inside sandbox
Ignite Flags:

Docs Required

Description

We should provide a restricted environment (sandbox) in which to run user-defined code securely. To get it done, we would use the java sandbox model.
The java sandbox model allows restricting access from user-defined code to the system resources or security-sensitive feature of java, for example, reflection.

The user-defined code contains:

StreamReceiver for DataStreamer:
EntryProcessor;
ComputeJob;
filter and transformer for ScanQuery.

The user-defined code will get permissions from GridSecuerityProcessor (security plugin).

Attachments

Issue Links

blocks

IGNITE-12282 Access restriction to the internal package of Ignite

Resolved

relates to

IGNITE-12283 Getting proxied components of Ignite through the Ignition interface inside the sandbox

Resolved

requires

IGNITE-9560 Security Engine fixes and test coverage. Phase #1.

Resolved

links to

GitHub Pull Request #6707

IEP-38

Activity

People

Assignee:: Denis Garus

Reporter:: Anton Vinogradov (Obsolete, actual is "av")

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Feb/19 12:36

Updated:: 26/Jun/20 11:09

Resolved:: 09/Dec/19 07:02

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 50m