couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Shorin <>
Subject Re: Elixir Sandbox
Date Wed, 16 Oct 2013 21:03:25 GMT
On Thu, Oct 17, 2013 at 12:54 AM, Filippo Fadda
<> wrote:
> Sandboxing is something optional I think, you need only when you are developing a CouchApp,
when you do all in JavaScript, using the _users database and running the app inside CouchDB.
But if you are just using CouchDB like a database, developing a web app using PHP or Python,
for example, you'll never give access to CouchDB from outside, through Futon for example,
so no one will be able to store a new design doc in your database to run malicious code. I'm
using PHP with the ElephantOnCouch Query Server, writing ddoc in PHP, and I really don't see
why I should using runkit to sandboxing the Query Server.

Because you are running your code and you trust yourself (I hope so).
Another user may not trust you or your code, so he have to inspect
every bit of your code to make sure that it wouldn't make a big
security hole in his server. Having sandboxing feature guarantees him
that he may run third party code with no worries about.


View raw message