couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Klaus Trainer <>
Subject Re: Branch to switch from SpiderMonkey to Node.js
Date Sun, 03 Feb 2013 15:44:47 GMT
On Thu, 2013-01-31 at 14:46 +0000, Jason Smith wrote:
> The word "sandbox" is vague. There is no clear definition. (There is a
> mundane historical reason for that: the "sandbox" was whatever the C
> program did.)

Good point. For instance, even if you're executing JavaScript within
plain Spidermonkeys, people might still be able to issue
denial-of-service attacks against your system. Or side channel attacks.

Earlier in this thread, I wrote a response to your email from Thu, 31
Jan 2013 16:54:45 +0000, where I put a list of "Seven Degrees of
Sandboxing" and try to help finding a good approximation for what the
notion of "sandbox" will mean to us. I just realized that it might have
been a better fit to put it here.

> Prediction: as quickly as we identify sandbox features, somebody can build
> a Node.js implementation to reasonable satisfaction. But we'll see.


View raw message