How PF4J protect the application program from the bugs or panic errors of plugin code ?

[zouxyan]

We want to use PF4J in our development for business but we concern about the safety problems.
Any help is appreciated.

[decebals]

The idea is that you have to trust the loaded plugins. I'm working to a feature related security which prevents a plugin to work with files, sockets and other sensible resources. It's a kind of plugin sandbox but I think it's not what you are looking for.
I don't know if you can isolate completely a plugin from application or other plugins. If the plugin contains bugs or malicious code (depletes resources, ..) then the problem will be propagated to the application somehow. If it's a bug then the functionality added by plugin (via Extension) it will not be available in application, you will see the stacktrace and eventually you can disable the plugin.
Do you have any ideas related to how we can implement this protection or have you seen a plugin framework (Java or non Java) that solves a such problem?

[zouxyan]

Thanks for reply.
Maybe we can start an extension in server mode with a sub-process. I mean that a client for extension server hold in application program and the extension server run with a sub-process. If so, problems from the extension code damage nothing from application program. Just a thought. Here is a simple design picture.

[decebals]

Probably is achievable, especially in light of the fact that PF4J is a very customizable library (you can change almost any aspect of it).
The proposed use case is somehow particular and the implementation complicates things. From this reason I don't see this implementation in core, maybe in an external project.
If you start working on this functionality (a POC), I'm curious how things are going, so please share your progress with us.

[zouxyan]

I see your point. And m still thinking about it, so no progress for now. Maybe in future I would start a work about it. Thanks again.😁