On Thu, Oct 17, 2013 at 1:13 AM, Jan Lehnardt <[email protected]> wrote:
> On Oct 16, 2013, at 23:03 , Alexander Shorin <[email protected]> wrote:
>
>> On Thu, Oct 17, 2013 at 12:54 AM, Filippo Fadda
>> <[email protected]> wrote:
>>> Sandboxing is something optional I think, you need it only when you are
>>> developing a CouchApp, when you do all in JavaScript, using the _users
>>> database and running the app inside CouchDB. But if you are just using
>>> CouchDB like a database, developing a web app using PHP or Python, for
>>> example, you'll never give access to CouchDB from outside, through Futon
>>> for example, so no one will be able to store a new design doc in your
>>> database to run malicious code. I'm using PHP with the ElephantOnCouch
>>> Query Server, writing ddoc in PHP, and I really don't see why I should
>>> be using runkit to sandbox the Query Server.
>>
>> Because you are running your code and you trust yourself (I hope so).
>> Another user may not trust you or your code, so he has to inspect
>> every bit of your code to make sure that it wouldn't make a big
>> security hole in his server. Having a sandboxing feature guarantees him
>> that he may run third party code with no worries about it.
>
> Heh right, I think Filippo is aware of the dichotomy. I think all we want to
> say is that Elixir support for CouchDB is very welcome with and without a
> sandbox (or both :)

Agree (:

--
,,,^..^,,,
