Can Kotlin be sandboxed?

daniels0xff · April 23, 2016, 3:08pm

Can I use Kotlin to allow users to develop plugins for my app but give them sandboxed access? As in not allow them to use certain APIs like filesystem API so that they can walk the server or read files they shouldn’t etc…

So basically to create a sandbox where they would have access only to the API that is exposed to them and not them being able to import everything they want.

mikehearn · April 24, 2016, 1:44pm

That’s not a Kotlin specific feature. You’d use the JVM sandboxing architecture to do that.

daniels0xff · April 24, 2016, 2:49pm

Can you point me into the right direction to know what exactly to look for?

dalewking · April 24, 2016, 3:47pm

Java.lang.SecurityManager is the JDK sabdboxing mechanism. See this tutorial for more info Java Security Architecture: -

daniels0xff · April 24, 2016, 6:43pm

Thank you.

mikehearn · April 26, 2016, 3:36pm

Be aware that constructing secure, safe sandboxes with the JVM APIs is tricky. It can be done and the JVM provides everything you need, but there’s a lot of different ways to do it and a lot of different ways to screw it up.

You can take a look at this library for ideas:

Topic		Replies	Views
Sandboxed DSL Language Design	2	1803	November 7, 2016
Is it possible to translate Kotlin to Java without Kotlin libraries?	4	1103	November 14, 2018
Thread safe Data Structures in Kotlin Language Design	7	18350	November 30, 2020
Can you use Kotlin libraries in Java without the Kotlin runtime? Libraries	4	2649	January 26, 2022
How will Kotlin handle Valhalla? Language Design	1	2348	January 18, 2016

Can Kotlin be sandboxed?

Related Topics