Knowledge Base (Display) Knowledge Base (Display)

SandBoxing PACL

SandBoxing: Liferay PACL enabled (Liferay portals 6.1.2+)

Liferay PACL (Portal Access Control List) allows Liferay administrators to control what a plugin application is granted to do. Particularly, in which System folder & files a plugin might attempt to read /write /delete, which aspects of a Java Virtual Machine & Network are utilized, which JNDI resources can be accessed etc.

  • This security mode is facultative: you can choose to enable / disable it at a portal level or at each application level. If you need to disable it for Visioneo, edit <visioneo home>/WEB-INF/liferay-plugin-package.properties and set property security-manager-enabled to false
  • If you choose to keep the security manager activated, a huge benefit is your BIRT reports will also take advantage of the sandbox ! Your portal acts as a safeguard which makes sure reports (and any java library they might invoke) won't try to read, write, delete, or connect to resources they are not allowed to.

    Obviously most of the time reports are designed by trusted staff, but mistakes can always happen and oftenly some external libraries & scripts are used. The security manager brings serenity and safety!

  • From version 2.0 this sandboxing report is embedded in Visioneo packages, it is very helpful to find out which resources can be accessed by birt.

Average (0 Votes)