[
https://issues.apache.org/jira/browse/COUCHDB-1643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13563084#comment-13563084
]
Russell Branca commented on COUCHDB-1643:
-----------------------------------------
Disabling I/O is definitely key to the sandbox, the real question is whether to
accomplish that with a whitelist or a blacklist. I don't think there is a
simple way to say just disable I/O in node.js (although I haven't looked into
how that is accomplished in V8 either).
A view engine sandbox in my mind is an isolated execution environment that
provides a specific set of tools for transforming a doc into a set of key/value
pairs, while allowing user provided shared and side effect free code, that
disallows any interactions with or knowledge of the underlying system running
it.
I think the vast majority of npm modules would not be appropriate for use in a
view server, so I don't think free for all access to npm is the best approach
for views.
> Switch to V8
> ------------
>
> Key: COUCHDB-1643
> URL: https://issues.apache.org/jira/browse/COUCHDB-1643
> Project: CouchDB
> Issue Type: Improvement
> Components: JavaScript View Server
> Reporter: Jan Lehnardt
>
> I’d like to propose that we switch to the V8 JavaScript engine to mitigate
> the various issues we have with SpiderMonkey.
> This ticket acts as the meta-issue where we can discuss whether we all agree
> and what needs doing. individual tasks then can get their own tickets.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
