The script would have to run on every request (perhaps only when base functionality is extended by the user). If this is like the old PHP CGI I would probably run into problems. But I do agree having a Node instance spawn other Node instances is probably overkill and I'd be better off spawning vanilla V8 instances (v8cgi perhaps?).
I found a PHP extension called V8JS. Not sure how well that work. Doesn't seem to get much attention unfortunately. On Monday, March 5, 2012 9:22:06 AM UTC-8, Jann Horn wrote: > > Am Sonntag, den 04.03.2012, 17:43 -0800 schrieb Luke Scott: > > What I'm trying to figure out is what to do when I want users to write > > plugins (untrusted code). I only want them to have access to (1) what > > V8 vanilla provides and (2) a few classes that provide context sensitive > > functions. But with a single thread malicious code goes well beyond what > > the user can access - It also includes writing code that blocks. > > > > As I understand it the only way to ensure a user can't jailbreak or > block > > the event loop is to run their code in a separate thread, which is > > something that won't happen in Node.js. There were some mention of > > user-land solutions. But this makes me hesitant because wouldn't a > > "user-land" solution be written in JavaScript? > > Just make one child process per request. The child processes should be > vanilla V8 with only two additions, one function for reading one line > from standard input and one for logging strings to standard output. When > child processes don't die in a certain time, kill them. Set the RAM size > restriction low. > > Well, that's the easiest - and slowest - way, I guess. > > How often will those scripts have to run? Is it ok to waste lots of CPU > time per incoming "run script" command? How many need to be able to run > in parallel? > > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
