...
An alternative policy is to create a secure sandbox using a security manager. (See SEC58-J. Create a secure sandbox using a Security Manager.) The application should not allow the script to execute arbitrary commands including, for example, querying the local file system. The two-argument form of doPrivileged() can be used to lower privileges when the application must operate with higher privileges but the scripting engine must not. The RestrictedAccessControlContext strips the permissions granted in the default policy file by reducing the permissions granted to the newly created protection domain. The effective permissions are the intersection of the permissions of the newly created protection domain and the systemwide security policy. Refer to VOID SEC00-JJG. Avoid granting excess privileges for more details on the two-argument form.
...
IDS53-JG. Prevent LDAP injection
00. Input Validation and Data Sanitization (IDS) VOID IDS53-J. Account for supplementary and combining characters in globalized code