[antlr-interest] Java Grammar and how to use it to create a script language to my app
Laurent Caillette
laurent.caillette at gmail.com
Thu Nov 6 03:55:06 PST 2008
Another aspect to consider is security / safety. As users upload some
kind of executable code, he / she might do illegal stuff on the server
like accessing to the filesystem or gaining more access rights to
attack another server. If your language allows something like a loop
or resource allocation, unchecked CPU / memory consumption may quickly
lead to a Denial Of Service. This could be caused even by benevolent
users.
I've already developed a small formula language for generating
server-side reports. By the way it was based on ANTLR and we started
from the Java grammar but there was nothing like a loop, it was all
declarative stuff. From the prototype to a polished tool with nice
error display and basic types, it was surprisingly time-consuming.
So my advice is to head toward an existing language with built-in
security features. Rhino takes the security aspect in account, while
it doesn't seem to go a lot further than Java's SecurityManager.
https://developer.mozilla.org/en/Rhino_Overview#Security
c.
On Fri, Oct 31, 2008 at 2:25 AM, me tk82c <me.tk82c at gmail.com> wrote:
> Hello Everybody!
>
> I'm trying to create a new language to allow my users to write small scripts
> in our web app.
>
> There is any short way to do that? Something like, download the existent
> java grammar from ANTLR and implement the specific functions that users will
> use in my app with this "Java" version.
>
> Please, help!
>
> tk
>
>
> List: http://www.antlr.org/mailman/listinfo/antlr-interest
> Unsubscribe:
> http://www.antlr.org/mailman/options/antlr-interest/your-email-address
>
>
>
More information about the antlr-interest
mailing list