· Mar 2, 2017 1m read

Trusting the code you import

As more people join Developer Community, and with increasing efforts to promote code sharing, I'd like to draw fresh attention to this post I wrote a year ago. It spotlights a feature within the class compiler which is both useful and dangerous. When importing code (e.g. from an XML export of classes received from someone), it's worth considering the risks.

Even if that post doesn't seem relevant to you at the moment you may wish to note it for the future. A handy way of doing this is to click the star icon at the end of it.

Discussion (1)2
Log in or sign up to continue

Hi, John!

I think it refers not only the "importing xml" cases but also any installation of any 3rd party tool or solution to your target InterSystems Caché or Ensemble server. 

I think the Package Manager can cover some risks in this field.

Another idea relates to docker technology: install the "unknown" but interesting solution into the docker container first and see how it works and where it tries to send the data and etc.