
I have a Node.js instance that dynamically inserts JavaScript snippets to be executed from a database where they are stored as strings. My problem is that I need to be able to sandbox the executed JavaScript from getting access to anything that can compromise the actual running Node.js instance, the database, or other JavaScript being executed.

Is there a way that I can do this without actually running a separate instance of Node for each process?

Basically, I need to put security in place to make sure no rogue JavaScript is run.

Charles
Rob
  • This seems like an extremely terrible idea ;o – Christian Stewart May 24 '13 at 22:41
  • If you were able to isolate this code properly then you likely couldn't do anything useful. Also, once you allow these snippets to do any I/O, you open yourself up to a huge list of security problems. Imagine you theoretically sandbox the code, but there is a bug in Node or a 3rd party module that allows arbitrary code execution. – BeWarned May 24 '13 at 23:34

1 Answer


Looks like this might be what you're looking for.

npm install sandbox

However, it hasn't been updated in over a year. So you might be better off using child_process.fork() as described in this posting.

Community
Daniel
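The separate-process route this answer points to, as an added example that is not part of the original answer or the posting it links to. It uses `child_process.spawnSync` instead of `fork()` so that it stays synchronous and fits in one file; `runSnippet`, `CHILD_SOURCE` and the limits (200 ms, 2 s, 64 MB, 64 KB) are assumptions chosen for illustration.

```javascript
const { spawnSync } = require('node:child_process');
// Child program: reads one snippet from stdin, evaluates it in an empty vm context
// (no require/process in scope) and prints a JSON result.
// node:vm is not a security boundary on its own; the throwaway process is.
const CHILD_SOURCE = `
const vm = require('node:vm');
let src = '';
process.stdin.setEncoding('utf8');
process.stdin.on('data', (chunk) => { src += chunk; });
process.stdin.on('end', () => {
  let out;
  try {
    const value = vm.runInNewContext(src, Object.create(null), { timeout: 200 });
    out = JSON.stringify({ ok: true, value });
  } catch (e) {
    out = JSON.stringify({ ok: false, error: String(e && e.message) });
  }
  process.stdout.write(out);
});
`;

// Hypothetical helper: run one stored snippet in a throwaway Node process.
function runSnippet(source, { timeoutMs = 2000 } = {}) {
  const res = spawnSync(
    process.execPath,
    ['--max-old-space-size=64', '-e', CHILD_SOURCE], // cap the child's heap
    {
      input: source,         // snippet travels over stdin, never via argv or a file
      env: {},               // no DB credentials or tokens inherited from the parent
      timeout: timeoutMs,    // wall-clock limit covering startup and evaluation
      killSignal: 'SIGKILL',
      maxBuffer: 64 * 1024,  // bound how much output the parent will buffer
      encoding: 'utf8',
    }
  );
  if (res.error || res.status !== 0) {
    const reason = res.error ? res.error.code || res.error.message : `exit ${res.status}`;
    return { ok: false, error: `child failed: ${reason}` };
  }
  try {
    return JSON.parse(res.stdout);
  } catch {
    return { ok: false, error: 'malformed child output' };
  }
}

// Constructed sample snippets, standing in for rows loaded from the database.
const SAMPLES = ['[1, 2, 3].map((n) => n * 2)', 'typeof require', 'while (true) {}'];
for (const s of SAMPLES) console.log(s, '->', runSnippet(s));
```

The child still runs with the parent's OS user, so filesystem and network limits have to come from the operating system (a dedicated low-privilege account or a container), not from this code.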