[e-lang] Newbie Joe-E questions
Jimmy Wylie
jwylie at uno.edu
Sun Nov 9 04:06:09 CST 2008
Adrian Mettler wrote:
> Thanks for your interest in Joe-E!
>
> The taming database is defined using .safej files. Placing a file in
> mypackage/ScannerWrapper.safej that lists the constructors, methods, and
> fields from ScannerWrapper class that are safe to use will allow them to
> be used by Joe-E code. I don't currently have good documentation on the
> format of .safej files, but it shouldn't be hard to infer by looking at
> the existing .safej files that are provided for some of the Joe-E
> library classes. There exists code to generate the safej file, but
> unfortunately it isn't currently exposed with a UI -- I may add one for
> the upcoming release.
>
> -Adrian
>
>
Thanks for your help. The Joe-e verifier finally accepted my program.
But I still have a couple more questions, if you don't mind, regarding
taming.
First, is there any tamed networking library for Joe-e? I was going to
try and write a chat application, with Joe-e, similar to the one in E in
a Walnut, but I'm not sure what libraries to use so that the program
will have comparable security properties. Would the ref_send API from
the Waterken server be an appropriate solution? I've only looked at it
briefly
Second, is there any formal documentation on how to go about taming the
java libraries?
Third, what sort of programs use Joe-e presently given the minimal state
of safe libraries? I can already see how the verifier is useful for
checking for different security issues like static fields and such, but
currently how do you bypass the library issue to write programs? Do you
try and tame the libraries you need on your own, or just use the
libraries you need and cross your fingers hoping java keeps you safe?
Thanks again,
Jimmy Wylie
More information about the e-lang
mailing list