Note: I'd appreciate some tag suggestions for this one..
I'd like to provide my users with a method of programmatically manipulating data on the server. This would be done by using an in-browser code editor to be executed at a later date, not dissimilar to the manner https://www.onx.ms employ.
I'd like to avoid writing a DSL (a barrier to adoption?), and would prefer the language that the user writes to be either JavaScript or Ruby based.
My obvious concern is security. I understand the perils of allowing user generated code to run server-side, but what steps can I take to eliminate the risk?
Do sites like http://railsforzombies.com actually use irb, or is it far simpler than that?
Would you consider Java (or other JVM languages such as JRuby, Scala, Clojure etc)? If so - there is a wealth of power in the JVM to restrict the privileges of a sandboxed app. See this other question for details: How do I create a Java sandbox?