Details
-
Type:
Wish
-
Status:
Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Number of attachments :
Description
At the moment the excecution of groovy Scripts or the Usage of Groovy classes as Plugins (for example an groovy osgi bundle) can lead to security issues because of the MOP.
For example:
def sql = "select * from user where user.name="+ againstSqlInjectionCheckedName +";"
If no a plugin or scripts override the plus method of String in its meta class, it can inject every SQL it whishes.
It would be nice if their where an MetaClassModificationPermission, which would be checked before each MetaClass modification, to ensure the code has rights to change a class.
even better would be if their are such permission for Class,Package, CodeDomains etc..., so we could protect hole domains, packages from modification by a script etc ...