Comment by ganamadaduuun

Comment by ganamadaduuun 15 hours ago

3 replies

View on Hacker News

In any web application all data that comes from the outside world is potentially hostile. A decent web framework takes care of basic security measures, does input sanitation, provides referer checking and csrf for forms, etc. When you roll your own, your _are_ on your own to do that all properly yourself, if you even know all the potential pitfalls. And if you write your own cgi library like the op even more so. I'm not advocating for using WordPress either. I'm advocating for either having a static blog or using a decent, tested web framework or the the very least cgi module that provides tested implementations of common security features that in my experience are typically missed in self-made cgi scripts.

talideon 15 hours ago

Nah. There are ways to mitigate the blast radius of experiments like this.

You can't utterly wrap developers up in cotton wool. Ultimately, people learn strong lessons from screwing up. You can at least make sure they're doing this learning within a sandbox in which the damage is contained. Like, maybe containerising it so it has limited access to anything that could do any real damage. If somebody builds a blogging app and the worst thing that happens is that they learn the value of sanitising your input, preventing SQL injection, that spam is an unfortunate fact of life, and that you should be very careful with how you manage cookies, I would consider that a _very_ big win for that novice developer.

Because we're talking about _developers_ here.

Reply View 2 replies
  • Imustaskforhelp 14 hours ago

    I am not exactly sure about using containers (most likely you mean docker/podman) as sandboxes...

    Please correct me wrong but for a better form of sandboxing, I would recommend something like microvm and the bottlefire thing which was recently shared if that might pique your interest as I found it to be interesting and then using it with something like https://github.com/Zouuup/landrun

    There is also tinykvm and other projects too which can simply take a binary and run it and I think that maybe developers should also try out all the different sandboxes and different things just for understanding as well I suppose too. To me, I really like playing with different form of sandboxes or such technologies in general.

    Also do note that I am not sure if bottlefire provides sandbox/isolation by default as they mention Sandbox with Landlock seperately so I am now a bit confused if they provide sandbox by default or not as I previously thought it might have.

    Reply View 1 reply
    • talideon an hour ago

      Sure, there are many ways to achieve the same end of limiting blast radius, but that's not really the point here: the point is that we should dismiss projects like this solely because something might go wrong, especially when there are ways to mitigate against real damage.

      Reply View 0 replies