couchdb-dev mailing list archives

From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Elixir Sandbox
Date Wed, 16 Oct 2013 21:16:07 GMT
On Wed, Oct 16, 2013 at 10:54 PM, Filippo Fadda <
filippo.fadda@programmazione.it> wrote:

> Sandboxing is something optional I think; you need it only when you are
> developing a CouchApp, when you do all in JavaScript, using the _users
> database and running the app inside CouchDB. But if you are just using
> CouchDB like a database, developing a web app using PHP or Python, for
> example, you'll never give access to CouchDB from outside, through Futon
> for example, so no one will be able to store a new design doc in your
> database to run malicious code. I'm using PHP with the ElephantOnCouch
> Query Server, writing ddoc in PHP, and I really don't see why I should
> be using runkit to sandbox the Query Server.
>
> -Filippo
>

Sandboxing is not only needed for couchapps but also for views. If someone
using a view inspects your hd and emits the result, or sends your docs using
a TCP connection to an unknown remote target, it can be a risk. That's why
it's needed. Even allowed users can be a possible risk.

- benoit





>
> On Oct 16, 2013, at 10:27 PM, Jan Lehnardt wrote:
>
> > Another option would be to start with treating the Elixir Query Server
> > like the Erlang Query Server and keep it off by default and with full
> > access to the internals, so people could opt into it, if their
> > environment allows for it.
> >
> > Sandboxing could be a step on top or later.
> >
> > I for one would like to see native Elixir support for Views et al. in
> > CouchDB :)
> >
> > Best
> > Jan
> > --
> >
> > On Oct 16, 2013, at 20:48 , Paul Davis <paul.joseph.davis@gmail.com> wrote:
> >
> >> There have been discussions on figuring out how to sandbox Erlang. The
> >> biggest thing on that front was that we'd want it to be a whitelist as
> >> opposed to a blacklist of modules and/or module/function pairs. The
> >> second is that with dynamic invocation it's not immediately apparent if
> >> that's entirely possible to do.
> >>
> >> On Wed, Oct 16, 2013 at 10:39 AM, Chris Keele <email@chriskeele.com> wrote:
> >>> Hey everyone! I'm trying to develop a sandbox for Elixir, and I wanted to see how such a library might prove useful to the CouchDB dev community.
> >>>
> >>> My initial goal is just to be able to run a string of code in a predefined environment with configurable modules disabled, returning all output. But I'd like to design it for bigger things from the ground up, so I was wondering what sorts of requirements you might have of a sandbox library if you wanted to, say, implement a secure view processor.
> >>>
> >>> I've started a discussion thread here: https://groups.google.com/forum/#!topic/elixir-lang-talk/wA1l74HCZmI, but I'm particularly interested in your opinions!
> >>> --
> >>> Chris Keele
> >>>
> >
>
>
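
Added example, not part of the thread and not code from any participant or from CouchDB: a static pre-check in the allowlist style Paul Davis describes, which also refuses any call whose module it cannot resolve from the source (the dynamic invocation problem). The module name `ViewAllowlist`, both allowlists, the `emit` helper and the sample views are assumptions made for illustration.

```elixir
defmodule ViewAllowlist do
  # Hypothetical allowlist: the only {module, function, arity} a view may call.
  @calls MapSet.new([{Map, :get, 2}, {Enum, :sum, 1}, {Enum, :map, 2}])
  # Language forms and local calls a view may use. `emit` is an assumed helper
  # of the query server; :. and :__aliases__ are the inner parts of remote
  # calls, which are vetted as a whole by the first check_node/2 clauses.
  @forms MapSet.new([:fn, :->, :__block__, :=, :., :__aliases__, :emit])

  # Returns :ok, or {:error, problems} listing everything not on the allowlist.
  def check(source) do
    case Code.string_to_quoted(source) do
      {:ok, ast} ->
        {_ast, problems} = Macro.prewalk(ast, [], &check_node/2)
        if problems == [], do: :ok, else: {:error, Enum.reverse(problems)}
      {:error, _} -> {:error, [:syntax_error]}
    end
  end

  # Remote call Mod.fun(args): the module must be a literal and the MFA listed.
  defp check_node({{:., _, [mod, fun]}, _, args} = node, acc)
       when is_atom(fun) and is_list(args) do
    with {:ok, m} <- literal_module(mod),
         true <- MapSet.member?(@calls, {m, fun, length(args)}) do
      {node, acc}
    else
      false -> {node, [{:call_not_allowed, Macro.to_string(node)} | acc]}
      :dynamic -> {node, [{:dynamic_call, Macro.to_string(node)} | acc]}
    end
  end
  # Any other dot call, such as f.(x), has no statically known target.
  defp check_node({{:., _, _}, _, _} = node, acc),
    do: {node, [{:dynamic_call, Macro.to_string(node)} | acc]}
  # Language form or local call: must be listed by name (variables do not match).
  defp check_node({name, _, args} = node, acc) when is_atom(name) and is_list(args) do
    if MapSet.member?(@forms, name), do: {node, acc}, else: {node, [{:form_not_allowed, name} | acc]}
  end
  defp check_node(node, acc), do: {node, acc}

  defp literal_module({:__aliases__, _, parts}) do
    if Enum.all?(parts, &is_atom/1), do: {:ok, Module.concat(parts)}, else: :dynamic
  end
  defp literal_module(mod) when is_atom(mod), do: {:ok, mod}
  defp literal_module(_), do: :dynamic
end

# Constructed sample views: allowed calls only, a file read, a dynamic call.
samples = [
  "fn doc -> emit(Map.get(doc, :type), Enum.sum(Map.get(doc, :values))) end",
  "fn doc -> emit(Map.get(doc, :_id), File.read(Map.get(doc, :path))) end",
  "fn doc -> m = Map.get(doc, :mod); emit(m.run(), apply(m, :run, [])) end"
]
for s <- samples, do: IO.inspect(ViewAllowlist.check(s), label: s)
```

Because `apply`, `alias` and `import` are simply absent from the lists, they are refused without being named, which is the practical difference from a blacklist. This checks source text only; it does not confine code at runtime.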
