Playing With Fire: Running Uploaded Ruby Code in a Sandbox

About the Talk

April 17, 2009 7:15 AM

San Francisco, CA

In this session, David Stevenson explores how to run untrusted code inside a Ruby application using a sandbox. With this powerful technique, users can upload code that integrates as part of a larger application, making it ideal for custom business rules, dynamic games (think SecondLife), and science/math applications. Ruby's English-like syntax and ease of creating DSLs make it a good scripting candidate for non-technical people.

The sandbox isn't perfect, however, and we'll also explore where it can get into trouble. By diving into how it works, we can understand its limitations and avoid creating security holes when using it. We'll also look at how to make it easier to use by adding some helper gems to the original sandbox gem (developed by Why-the-lucky-stiff, with small improvements by David Stevenson). Finally, we'll actually write a tiny game during the session where the audience can upload components.
