Sandbox (computer security)From Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Sandbox_(computer_security)
This article is about the computer security mechanism. For the software testing environment, see Sandbox (software development).
In computer security, a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system.[1] A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.[2] ImplementationsA sandbox is implemented by executing the software in a restricted operating system environment, thus controlling the resources (for example, file descriptors, memory, file system space, etc.) that a process may use.[3] Examples of sandbox implementations include the following:
Some of the use cases for sandboxes include the following:
See alsoSandbox (software development)From Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Sandbox_(software_development)
For the Wikipedia feature, where newcomers can experiment with editing, see Wikipedia:Sandbox.
The concept of sandbox (sometimes also called a working directory, a test server or development server) is typically built into revision control software such as CVS and Subversion (SVN), in which developers "check out" a copy of the source code tree, or a branch thereof, to examine and work on. Only after the developer has (hopefully) fully tested the code changes in their own sandbox, the changes would be checked back into and merged with the repository and thereby made available to other developers or end users of the software.[2] By further analogy, the term "sandbox" can also be applied in computing and networking to other temporary or indefinite isolation areas, such as security sandboxes and search engine sandboxes (both of which have highly specific meanings), that prevent incoming data from affecting a "live" system (or aspects thereof) unless/until defined requirements or criteria have been met. In web servicesThe term sandbox is commonly used for the development of Web services to refer to a mirrored production environment for use by external developers. Typically, a third-party developer will develop and create an application that will use a web service from the sandbox, which is used to allow a third-party team to validate their code before migrating it to the production environment. Microsoft,[3] Google,[citation needed] Amazon.com,[4] Salesforce.com,[5] PayPal,[6] eBay[7] and Yahoo,[8] among others, provide such services. In wikisWikis also typically employ a shared sandbox model of testing, though it is intended principally for learning and outright experimentation with features rather than for testing of alterations to existing content (the wiki analog of source code). An edit preview mode is usually used instead to test specific changes made to the texts or layout of wiki pages. See also
|