Questions tagged [trusted-vs-untrusted]
19 questions
8 votes, 7 answers
sandbox to execute possibly unfriendly python code
Let's say there is a server on the internet that one can send a piece of code to for evaluation. At some point the server takes all code that has been submitted, and starts running and evaluating it. However, at some point it will definitely bump into…

facha
6 votes, 3 answers
Can TeX code be safely executed from untrusted sources?
MediaWiki allows one to embed TeX math code that is rendered into images and posted into the Wiki pages. Is this safe? If one allows untrusted users to input TeX programs to be executed by an interpreter running in a web server, does it open the…

Arcane
6 votes, 7 answers
Languages other than SQL in postgres
I've been using PostgreSQL a little bit lately, and one of the things that I think is cool is that you can use languages other than SQL for scripting functions and whatnot. But when is this actually useful?
For example, the documentation says that…

Jason Baker
5 votes, 3 answers
Securing SSJS against unverified code
I want to use node.js (or other SSJS solution), running my own code + external written code inside (untrusted).
Any way to separate and protect my own code? Could I limit the modules and system effect of the untrusted code (limit access to files, non…

Adam
4 votes, 0 answers
How vulnerable is running untrusted code with limiting references using AssemblyLoadContext in C# .NET Core
I am trying to run untrusted code uploaded by users on my server. My users want to write simple functions to be executed on the server like this:
public class HelloWorldPlugin
{
public string GetResult(string input)
{
//return…

Amir Pournasserian
2 votes, 1 answer
SQL Server untrusted foreign keys
I have several SQL Server 2005 databases with untrusted foreign keys. These keys are marked as "Not for Replication" (is_not_for_replication=1) in the sys.foreign_keys object catalog view.
I have run a script that captures these untrusted keys and…

Chris Zilligen
1 vote, 1 answer
Safely run executable in Node
I found myself having to implement the following use case: I need to run a webapp in which users can submit C programs, which need to be run safely on my backend.
I'm trying to get this done using Node. In the past, I had to do something similar but…

Samuele B.
1 vote, 0 answers
Untrusted code in hadoop
Bob and Alice are working in different divisions of an organization. They use a Hadoop cluster in multi-tenancy mode with Yarn and Kerberos authentication. It is clear that Bob cannot read Alice's data directly because Namenode and hdfs checks…

Dmitry Petrov
1 vote, 1 answer
How can I import an untrusted root certificate?
I am connected via VPN to some other network outside of my computer's Domain. Everything works well except when I attempt to go to a WebSite within the VPN Tunnel (and in another domain). This is the first message:
But the issue isn't that the…

JWP
1 vote, 2 answers
Detect untrusted SSL access on the server-side?
The Question
Is there a way to detect whether a visitor trusts the SSL connection/certificate? I really could not find anything on the web or on Stack Overflow. I think it's a pretty uncommon question.
A Use-Case
I'm using a certificate from StartSSL.…

Arne L.
0 votes, 1 answer
Spring Security integration into active directory
I want to authenticate my web service in Spring with an Active Directory lookup at both the producer and the consumer - under the Principal that each is executing under (i.e. Service Accounts).
I'm assuming I have to use…

hawkeye
0 votes, 0 answers
How do I restrict untrusted code, now that CAS is deprecated?
Code access security (CAS) being now deprecated, what is the alternative, in .NET 6, when it comes to restricting the untrusted third-party code that is being executed by the application?
For instance, if the application makes it possible to add…

Arseni Mourzenko
0 votes, 0 answers
Safe literal_eval with potential for indexing
I am looking for a way to evaluate string syntax that allows for indexing.
Example:
string = '[1,2,3][0]'
foo = literal_eval( string )
In this case, I want foo to equal 1
ast literal_eval does not support this because
It is not capable of…

Jay Ocean
0 votes, 1 answer
How to fix CWE 829 - Inclusion of Functionality from Untrusted Control Sphere
As part of a Veracode scan I got a CWE 829 - Inclusion of Functionality from Untrusted Control Sphere error thrown.
Below I have pasted my Java code and in line #3 I'm getting this vulnerability.
I didn't find much about this issue. Can someone assist me…

Venkat
0 votes, 1 answer
... (or it has a valid, but untrusted signature)
iPhone 3GS: builds and installs just fine
New iPod touch: "This provisioning profile does not have a valid signature (or it has a valid, but untrusted signature)."
All the related posts say to start from scratch on provisioning, but it works on…

rd42