On Mon, Feb 4, 2013 at 11:59 AM, Klaus Trainer <[email protected]> wrote: > On Mon, 2013-02-04 at 11:18 +0100, Benoit Chesneau wrote: >> >> DOS has nothing with sandboxing or maybe in a large extent here. Sandboxing >> in couchjs is about: >> >> 1. restrict I/O : no disk or net access from a view >> 2. make sure that a view function won't leek to another > > One attempt to protect against DOS would be to spawn (sandboxed) worker > processes, monitor them, and kill them if they misbehave (e.g. time them > out if they take too much time to process a document). In fact, the > sandbox npm module (https://github.com/gf3/sandbox) does something like > that. > > But you're right. I agree with you that this should be out of scope for > now, especially in this discussion here. >
I think we already prevent such DOS imo with the process execution timeout. Maybe that need to be improved but this can also be done here. - benoit
