incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Branch to switch from SpiderMonkey to Node.js
Date Mon, 04 Feb 2013 11:18:54 GMT
On Mon, Feb 4, 2013 at 11:59 AM, Klaus Trainer <klaus_trainer@posteo.de> wrote:
> On Mon, 2013-02-04 at 11:18 +0100, Benoit Chesneau wrote:
>>
>> DOS has nothing with sandboxing or maybe in a large extent here. Sandboxing
>> in couchjs is about:
>>
>> 1. restrict I/O : no disk or net access from a view
>> 2. make sure that a view function won't leek to another
>
> One attempt to protect against DOS would be to spawn (sandboxed) worker
> processes, monitor them, and kill them if they misbehave (e.g. time them
> out if they take too much time to process a document). In fact, the
> sandbox npm module (https://github.com/gf3/sandbox) does something like
> that.
>
> But you're right. I agree with you that this should be out of scope for
> now, especially in this discussion here.
>

I think we already prevent such DOS imo with the process execution
timeout. Maybe that need to be improved but this can also be done
here.

- benoit

Mime
View raw message