From: Alexei Sholik
Date: Tue, 12 Nov 2013 09:58:22 +0200
Subject: Re: Elixir Sandbox
To: dev@couchdb.apache.org

> So yes, Elixir please! :) And if we get a sandbox as well, we can even enable it by default :)

I tried to add a .beam produced by Elixir to my CouchDB installation (I didn't want to rebuild the whole project), but Couch can't find it. I posted a question on this ML[1]. Any hints?

[1]: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201308.mbox/%3CCAAPY6ePTSVSTPYWvquRnnXN0pwbfWmitEE2GAWjsPhATv5iw9Q@mail.gmail.com%3E

On Thu, Oct 17, 2013 at 12:29 AM, Jan Lehnardt wrote:

>
> On Oct 16, 2013, at 23:16 , Benoit Chesneau wrote:
>
> > On Wed, Oct 16, 2013 at 10:54 PM, Filippo Fadda <
> > filippo.fadda@programmazione.it> wrote:
> >
> >> Sandboxing is something optional I think, you need it only when you are
> >> developing a CouchApp, when you do all in JavaScript, using the _users
> >> database and running the app inside CouchDB. But if you are just using
> >> CouchDB like a database, developing a web app using PHP or Python, for
> >> example, you'll never give access to CouchDB from outside, through Futon
> >> for example, so no one will be able to store a new design doc in your
> >> database to run malicious code. I'm using PHP with the ElephantOnCouch
> >> Query Server, writing ddoc in PHP, and I really don't see why I should
> >> be using runkit to sandbox the Query Server.
> >>
> >> -Filippo
> >>
> >
> > Sandboxing is not only needed for couchapps but also views. If someone
> > using a view inspects your hd and emits the result or sends your docs using
> > a TCP connection to an unknown remote target, it can be a risk. That's why
> > it's needed. Even allowed users can be a possible risk.
>
> I think Filippo used “CouchApps” as a synonym for “you may receive code
> not written by you or someone you trust” in which case you absolutely
> want a sandbox.
>
> My point was just that there are equally scenarios where that trust exists
> and Filippo illustrated them a bit better than I did originally.
>
> So yes, Elixir please! :) And if we get a sandbox as well, we can even
> enable it by default :)
>
> Best
> Jan
> --
>
> >> On Oct 16, 2013, at 10:27 PM, Jan Lehnardt wrote:
> >>
> >>> Another option would be to start with treating the Elixir Query Server
> >>> like the Erlang Query Server and keep it off by default and with full
> >>> access to the internals, so people could opt into it, if their environment
> >>> allows for it.
> >>>
> >>> Sandboxing could be a step on top or later.
> >>>
> >>> I for one would like to see native Elixir support for Views et al. in CouchDB :)
> >>>
> >>> Best
> >>> Jan
> >>> --
> >>>
> >>> On Oct 16, 2013, at 20:48 , Paul Davis wrote:
> >>>
> >>>> There have been discussions on figuring out how to sandbox Erlang. The
> >>>> biggest thing on that front was that we'd want it to be a whitelist as
> >>>> opposed to a blacklist of modules and/or module/function pairs. The
> >>>> second is that with dynamic invocation it's not immediately apparent if
> >>>> that's entirely possible to do.
> >>>>
> >>>> On Wed, Oct 16, 2013 at 10:39 AM, Chris Keele wrote:
> >>>>> Hey everyone! I'm trying to develop a sandbox for Elixir, and I wanted
> >>>>> to see how such a library might prove useful to the CouchDB dev community.
> >>>>>
> >>>>> My initial goal is just to be able to run a string of code in a
> >>>>> predefined environment with configurable modules disabled, returning all
> >>>>> output. But I'd like to design it for bigger things from the ground up, so
> >>>>> I was wondering what sorts of requirements you might have of a sandbox
> >>>>> library if you wanted to, say, implement a secure view processor.
> >>>>>
> >>>>> I've started a discussion thread here:
> >>>>> https://groups.google.com/forum/#!topic/elixir-lang-talk/wA1l74HCZmI, but
> >>>>> I'm particularly interested in your opinions!
> >>>>> --
> >>>>> Chris Keele
> >>>>>

-- 
Best regards
Alexei Sholik
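
An added illustration of the point quoted above from Paul Davis (an allowlist of module/function pairs rather than a blocklist, and the trouble with dynamic invocation); it is not code from this thread, from CouchDB or from any sandbox library. The module name `AllowlistCheck`, its three allowlisted functions and the sample inputs are assumptions made for the example, and it vets only remote calls found in the source text.

```elixir
defmodule AllowlistCheck do
  # Hypothetical allowlist: the only {module, function, arity} triples a
  # submitted view function may call remotely. Everything else is rejected.
  @allowed MapSet.new([{Enum, :map, 2}, {Enum, :sum, 1}, {Map, :get, 2}])

  # Returns :ok, or {:error, findings} listing every rejected call.
  def check(source) do
    case Code.string_to_quoted(source) do
      {:ok, ast} ->
        {_ast, found} = Macro.prewalk(ast, [], &visit/2)
        if found == [], do: :ok, else: {:error, Enum.reverse(found)}
      {:error, _reason} -> {:error, [:syntax_error]}
    end
  end

  # Module.fun(args) and :module.fun(args) name their target literally;
  # var.fun(args) (and map.field, which parses the same way) does not.
  defp visit({{:., _, [target, fun]}, _, args} = node, acc)
       when is_atom(fun) and is_list(args) do
    case target do
      {:__aliases__, _, [first | _] = parts} when is_atom(first) ->
        {node, judge(Module.concat(parts), fun, length(args), acc)}
      mod when is_atom(mod) -> {node, judge(mod, fun, length(args), acc)}
      _computed -> {node, dynamic(node, acc)}
    end
  end

  # fun.(args): calling a value whose target is known only at run time.
  defp visit({{:., _, _}, _, args} = node, acc) when is_list(args),
    do: {node, dynamic(node, acc)}

  # Local apply/2,3 is dynamic invocation as well.
  defp visit({:apply, _, args} = node, acc) when is_list(args),
    do: {node, dynamic(node, acc)}

  defp visit(node, acc), do: {node, acc}
  defp dynamic(node, acc), do: [{:dynamic_call, Macro.to_string(node)} | acc]

  defp judge(mod, fun, arity, acc) do
    if MapSet.member?(@allowed, {mod, fun, arity}), do: acc, else: [{:not_allowed, {mod, fun, arity}} | acc]
  end
end

# Constructed sample inputs, not taken from the thread.
[
  ~S|fn doc -> Enum.sum(Map.get(doc, "values")) end|,
  ~S|fn doc -> File.read(Map.get(doc, "path")) end|,
  ~S|fn doc -> m = String.to_atom(Map.get(doc, "m")); m.run(doc) end|
]
|> Enum.each(&IO.inspect(AllowlistCheck.check(&1)))
```

Anything not named in the allowlist is rejected by default, which a blocklist cannot offer, and calls whose target is computed at run time are rejected because the source text alone cannot say what they reach.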