incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Klaus Trainer <klaus_trai...@posteo.de>
Subject Re: Branch to switch from SpiderMonkey to Node.js
Date Mon, 04 Feb 2013 10:59:16 GMT
On Mon, 2013-02-04 at 11:18 +0100, Benoit Chesneau wrote:
> 
> DOS has nothing with sandboxing or maybe in a large extent here. Sandboxing
> in couchjs is about:
> 
> 1. restrict I/O : no disk or net access from a view
> 2. make sure that a view function won't leek to another

One attempt to protect against DOS would be to spawn (sandboxed) worker
processes, monitor them, and kill them if they misbehave (e.g. time them
out if they take too much time to process a document). In fact, the
sandbox npm module (https://github.com/gf3/sandbox) does something like
that.

But you're right. I agree with you that this should be out of scope for
now, especially in this discussion here.


Mime
View raw message