Domain Specific Language security

Is there a way to write a DSL which limits the access by a user? Since
this
is Ruby, they could write any arbitrary expression such as
MyModel.delete_all

My users would not do this on purpose, but perhaps by accident.
I have read some about Sandboxes, but don’t see how it would
prevent something like this.

Thanks in advance,
Don Mc

On Mar 26, 10:10 am, “Don.Mc” [email protected] wrote:

Is there a way to write a DSL which limits the access by a user? Since
this
is Ruby, they could write any arbitrary expression such as
MyModel.delete_all

My users would not do this on purpose, but perhaps by accident.
I have read some about Sandboxes, but don’t see how it would
prevent something like this.

Sandboxes can be created by setting the Safe Level for your
application. Ruby has a variable $SAFE which controls the Safe Level.
To create a sandbox, set up your enviroment using the default Safe
Level (0) and then raise the Safe Level to 4, the highest level. At
Safe Level 4 there can be no subsequent changes to the environment.
This may be more than you want and may limit the effectiveness of your
DSL. Try it out – see if will work for you.

Dale,
Thanks! That is exactly what I needed.

Regards,
Don McClean

On Mar 26, 10:26 am, “Dale M.” [email protected]