• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

New Free Online Java Compiler and Runner

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi to all,

After many weekends of work, I just deployed yesterday a new version of a free online java compiler and runner for the community at http://www.browxy.com

It's useful when you want to try code fast and easily without having a JDK installed.

One cool thing is that you receive the results immediately and also you can run thread programs and see the results in the same time they are generated.

It also allow for command line arguments and it works in firefox, explorer and also I tried it in an IPOD.

I'd love to receive feedback and suggestions to make it better (I added twitter)

I'm planning to add more features like let users to save code and make a directory of useful programs

Thanks a lot!
David
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am curious as to what security precautions you have implemented.

For example, what prevents running code from modifying/destroying your file system?

Bill
 
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is it still working correctly? I typed in a simple Hello World program:

When I click the Run button, nothing seems to happen. There's a green bar that says "Running" but I don't see the output anywhere.

What happens when someone enters a program that allocates a lot of memory? Or an endless loop that eats up all the processing power? Or does things to the file system, as William says? Where is the code running, on the server?
 
David Bremmen
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
William, Jasper
Thanks a lot for trying the compiler and for the feedback

Jasper, yes it's working. What browser are you using? I tried it on firefox and the last internet explorer and it worked well, but I haven't tried yet in other browsers.

About security.
There is a main program that compile each program and locate the result in a directory. Then for running each user program I use a separate linux script that executes with a restricted user that have access only to that directory. That script executes the program in background and return to me the processId.
The main program after ten seconds of execution of the process kill it. For example this program will be killed:



About memory consumption I haven't thick too much, but I think that the kill help with that

Do you think of other security problems that I could have ?

Thanks again
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

David Bremmen wrote:Do you think of other security problems that I could have ?


You may want to restrict the user in a more fine-grained way than Unix user privileges allow you to do, for example by preventing network connections (or maybe that's possible these days, I'm not a sys admin). Running the JVM with a very tight security manager would let you accomplish that, in addition to controlling file access, access to Java system properties etc.
 
Jesper de Jong
Java Cowboy
Posts: 16084
88
Android Scala IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was using Google Chrome on Windows 7.

Just tested it on IE8 and the Hello program works fine.

If I type in something strange, for example only a single "x" in the source code field, and press Run, it stays on "Running" forever (also in IE).
 
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Nice work David. Some things that I observed

for example only a single "x" in the source code field, and press Run, it stays on "Running" forever (also in IE).



Seems ok on Chrome.

I like the concept, but the site takes up only half the page (in chrome). I can see a twitter bar (barely) on the side. Cross site CSS needs to be taken care of.

Do you think of other security problems that I could have ?



I can think of at least 2 (But you might have handled them already). I can mention them here if you are comfortable with that.

Running the JVM with a very tight security manager would let you accomplish that, in addition to controlling file access, access to Java system properties etc.



I believe the spawned process does indeed run on a separate security manager.
 
Marshal
Posts: 79656
381
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch He's called Jesper, not Jasper.
It worked for me on Firefox.
But it isn't taking command-line arguments correctly; if I missed out the arguments I got a NumberFormatException for "" whereas I ought to have got an ArrayOutOfBoundsException for args[0] when args was an empty array.
 
David Bremmen
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Jesper sorry for renaming you

Thanks for the suggestions !

You may want to restrict the user in a more fine-grained way than Unix user privileges allow you to do, for example by preventing network connections (or maybe that's possible these days, I'm not a sys admin). Running the JVM with a very tight security manager would let you accomplish that, in addition to controlling file access, access to Java system properties etc.


I didn't know the existence of the security manager, and even if I start the java programs in a spawned process with a non privileged user I verified that I can browse the filesystem with a Java program After adding the default security manager to the launched programs this was prevented. Now is using the default configuration. I think I need to read more about this subject to fine grain the security manager. Is there a configuration, different from the default one that you see as an important security flaw ?

If I type in something strange, for example only a single "x" in the source code field, and press Run, it stays on "Running" forever (also in IE).


I think that this is fixed now

I like the concept, but the site takes up only half the page (in chrome). I can see a twitter bar (barely) on the side. Cross site CSS needs to be taken care of


Yes I agree completely. I need to make the page more dynamic when used in different browsers. I'm using for the textareas (cols and rows). Is there any other way to tell the text area to expand as much is it wants in a confined area ?

I can think of at least 2 (But you might have handled them already). I can mention them here if you are comfortable with that.


Yes please, as the program is on a beta state I'd like to improve as much as is possible. Also I learn more about java security

But it isn't taking command-line arguments correctly; if I missed out the arguments I got a NumberFormatException for "" whereas I ought to have got an ArrayOutOfBoundsException for args[0] when args was an empty array.


Is this continue happening ?

I replaced the twitter panel with a last submission panel. Do you think it would be useful for users to manage their submissions ?

Thanks Again for all the comments, looking forward for more
 
Campbell Ritchie
Marshal
Posts: 79656
381
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I tried this little Fibonacci number programand got this output when the arguments field was empty

--- Finished Compilation succesfully ---

--- Starting Execution ---

Exception in thread "main" java.lang.NumberFormatException: For input string: ""
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
at java.lang.Integer.parseInt(Integer.java:470)
at java.lang.Integer.parseInt(Integer.java:499)
at Fibonacci.fib(Fibonacci.java:10)
at Fibonacci.main(Fibonacci.java:5)

--- Finished Execution Normally ---

It ought to find an empty args array and throw an ArrayIndexOutOfBoundsException. No change from my last attempt.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

David Bremmen wrote:Now is using the default configuration. I think I need to read more about this subject to fine grain the security manager. Is there a configuration, different from the default one that you see as an important security flaw ?


I think the default policy doesn't grant any FilePermission, which may be too harsh, depending on whether you want to allow that. Maybe access to one particular directory would be OK - like the machine's temp directory.

I'd say no SocketPermission, no AWTPermission, no RuntimePermission. The default set of PropertyPermissions should be OK.

Some more reading material: security manager intro, the tech details of policy files, an article I wrote about how to use security managers and classloaders to protect you from untrusted code
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would like to see an online Java development environment that would actually allow you to download the finished product of all your hard work.
 
David Bremmen
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi everyone !. Yesterday I released a new beta version of browxy where you can:

Program and Run interactive java programs that use classes like Scanner
Program and Run applets and see results online
Save, Edit, Rename your code
Publish your programs to a public URL !

I hope you will enjoy the new features
There is a section to give feedback also
 
David Bremmen
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear all,



I just wanted to share some interesting programs created and published by some users at browxy.
For all of them you can see the souce (link in the upper-right) and also make your own version of it if you like

a) Applet program that show a line changing its position
http://www.browxy.com/user/brianhhw/Threads1_Brian

b) Applet program of a box that follows the mouse
http://www.browxy.com/user/brianhhw/Mouse1_Brian

c) Applet program where a line follows the mouse
http://www.browxy.com/user/brianhhw/Mouse3_Brian

d) Applet Program where a color pallete is shown
http://www.browxy.com/user/brianhhw/DrawingWithColor1_Brian

d) Tetris (I posted this myself)
http://www.browxy.com/user/david/Tetris

e) HangMan (Console program)
http://www.browxy.com/user/david/hangman

 
Yeah. What he said. Totally. Wait. What? Sorry, I was looking at this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic