Google
 
   
Login
Username:

Password:


Lost Password?

Register now!
Search

Advanced Search
Main Menu
top books
Polls
What do you think about php-deluxe.net?
Excellent!
Cool
Hmm..not bad
What the hell is this?
encyclopedia
Delicious Monster
Edward/contribs
Ccache
Akella
Plugin
Spam (electronic)
Pete Herzog
recommendation
compare webbrowser
Freenet DSL
Who's Online
7 user(s) are online (7 user(s) are browsing encyclopedia)

Members: 0
Guests: 7

more...
browser tip
Unix Befehle
manual of unix befehle
recommendation!
Sponsored
partner

Sandbox (computer security)

In computer security, a sandbox is a security mechanism for safely running programs. It is often used to execute untested code, or programs from unverified third-parties and untrusted users.

The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices is usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

Some examples of sandboxes are:

  • Applets are self-contained programs run on a virtual machine or scripting language interpreter (computing) that does the sandboxing. This arrangement is popular in web browsers, which use this mechanism to safely execute applets embedded in untrusted web pages. Java applets in particular are provided (at minimum) a rectangle of screen space with which to interact with the user and some persistent storage (at the user s permission).
  • jail (computer security) are a special kind of resource limit imposed on programs by the operating system.
  • Virtual machines emulation a complete host computer, on which an entire operating system can run. The guest operating system is sandboxed in the sense that it does not run natively on the host and can only affect it through the intermediary emulator.
  • Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs have the ability to do specific things based on what capabilities (usually represented as opaque tokens) they hold.

    • Sometimes a sandbox is set up to run programs that are still under Software engineering and have the potential to damage the system or which are otherwise difficult to restore to their original configuration. These test systems replicate (often in reduced size or capacity) the actual computing environment for which software is being developed. The presence of such a safe, controlled environment allows developers to try experimental code without fear of damaging a mission-critical system.