On Oct 16, 2013, at 23:03 , Alexander Shorin <[email protected]> wrote:
> On Thu, Oct 17, 2013 at 12:54 AM, Filippo Fadda > <[email protected]> wrote: >> Sandboxing is something optional I think, you need only when you are >> developing a CouchApp, when you do all in JavaScript, using the _users >> database and running the app inside CouchDB. But if you are just using >> CouchDB like a database, developing a web app using PHP or Python, for >> example, you'll never give access to CouchDB from outside, through Futon for >> example, so no one will be able to store a new design doc in your database >> to run malicious code. I'm using PHP with the ElephantOnCouch Query Server, >> writing ddoc in PHP, and I really don't see why I should using runkit to >> sandboxing the Query Server. > > Because you are running your code and you trust yourself (I hope so). > Another user may not trust you or your code, so he have to inspect > every bit of your code to make sure that it wouldn't make a big > security hole in his server. Having sandboxing feature guarantees him > that he may run third party code with no worries about. Heh right, I think Filipo is aware of the dichotomy. I think all we want to say is that Elexir support for CouchDB is very welcome with and without a sandbox (or both :) Best Jan --
signature.asc
Description: Message signed with OpenPGP using GPGMail
