couchdb-dev mailing list archives

From Alexander Shorin <kxe...@gmail.com>
Subject Re: Elixir Sandbox
Date Wed, 16 Oct 2013 21:16:22 GMT
On Thu, Oct 17, 2013 at 1:13 AM, Jan Lehnardt <jan@apache.org> wrote:
> On Oct 16, 2013, at 23:03 , Alexander Shorin <kxepal@gmail.com> wrote:
>
>> On Thu, Oct 17, 2013 at 12:54 AM, Filippo Fadda
>> <filippo.fadda@programmazione.it> wrote:
>>> Sandboxing is something optional I think, you need it only when you are developing
>>> a CouchApp, when you do all in JavaScript, using the _users database and running the app inside
>>> CouchDB. But if you are just using CouchDB like a database, developing a web app using PHP
>>> or Python, for example, you'll never give access to CouchDB from outside, through Futon for
>>> example, so no one will be able to store a new design doc in your database to run malicious
>>> code. I'm using PHP with the ElephantOnCouch Query Server, writing ddoc in PHP, and I really
>>> don't see why I should be using runkit to sandbox the Query Server.
>>
>> Because you are running your code and you trust yourself (I hope so).
>> Another user may not trust you or your code, so he has to inspect
>> every bit of your code to make sure that it wouldn't make a big
>> security hole in his server. Having a sandboxing feature guarantees him
>> that he may run third-party code with no worries.
>
> Heh right, I think Filippo is aware of the dichotomy. I think all we want to say is that
> Elixir support for CouchDB is very welcome with and without a sandbox (or both :)

Agree (:

--
,,,^..^,,,
