On Mon, 2013-02-04 at 11:18 +0100, Benoit Chesneau wrote: > > DOS has nothing with sandboxing or maybe in a large extent here. Sandboxing > in couchjs is about: > > 1. restrict I/O : no disk or net access from a view > 2. make sure that a view function won't leek to another
One attempt to protect against DOS would be to spawn (sandboxed) worker processes, monitor them, and kill them if they misbehave (e.g. time them out if they take too much time to process a document). In fact, the sandbox npm module (https://github.com/gf3/sandbox) does something like that. But you're right. I agree with you that this should be out of scope for now, especially in this discussion here.
