[ https://issues.apache.org/jira/browse/COUCHDB-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13563084#comment-13563084 ]
Russell Branca commented on COUCHDB-1643: ----------------------------------------- Disabling I/O is definitely key to the sandbox, the real question is whether to accomplish that with a whitelist or a blacklist. I don't think there is a simple way to say just disable I/O in node.js (although I haven't looked into how that is accomplished in V8 either). A view engine sandbox in my mind is an isolated execution environment that provides a specific set of tools for transforming a doc into a set of key/value pairs, while allowing user provided shared and side effect free code, that disallows any interactions with or knowledge of the underlying system running it. I think the vast majority of npm modules would not be appropriate for use in a view server, so I don't think free for all access to npm is the best approach for views. > Switch to V8 > ------------ > > Key: COUCHDB-1643 > URL: https://issues.apache.org/jira/browse/COUCHDB-1643 > Project: CouchDB > Issue Type: Improvement > Components: JavaScript View Server > Reporter: Jan Lehnardt > > I’d like to propose that we switch to the V8 JavaScript engine to mitigate > the various issues we have with SpiderMonkey. > This ticket acts as the meta-issue where we can discuss whether we all agree > and what needs doing. individual tasks then can get their own tickets. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira