Comment by talideon
Nah. There are ways to mitigate the blast radius of experiments like this.
You can't utterly wrap developers up in cotton wool. Ultimately, people learn strong lessons from screwing up. You can at least make sure they're doing this learning within a sandbox in which the damage is contained. Like, maybe containerising it so it has limited access to anything that could do any real damage. If somebody builds a blogging app and the worst thing that happens is that they learn the value of sanitising your input, preventing SQL injection, that spam is an unfortunate fact of life, and that you should be very careful with how you manage cookies, I would consider that a _very_ big win for that novice developer.
Because we're talking about _developers_ here.
I am not exactly sure about using containers (most likely you mean docker/podman) as sandboxes...
Please correct me wrong but for a better form of sandboxing, I would recommend something like microvm and the bottlefire thing which was recently shared if that might pique your interest as I found it to be interesting and then using it with something like https://github.com/Zouuup/landrun
There is also tinykvm and other projects too which can simply take a binary and run it and I think that maybe developers should also try out all the different sandboxes and different things just for understanding as well I suppose too. To me, I really like playing with different form of sandboxes or such technologies in general.
Also do note that I am not sure if bottlefire provides sandbox/isolation by default as they mention Sandbox with Landlock seperately so I am now a bit confused if they provide sandbox by default or not as I previously thought it might have.