about summary refs log tree commit diff stats
path: root/manual_tests
diff options
context:
space:
mode:
authorKartik K. Agaram <vc@akkartik.com>2021-12-25 08:59:46 -0800
committerKartik K. Agaram <vc@akkartik.com>2021-12-25 08:59:46 -0800
commit46d4438cc4409ab648409bc6dcfdc4eb965a420d (patch)
tree70ec2f497222247d86957d3177219b083dd9ffc9 /manual_tests
parent732903fc18effa9c48e4f68de55dae1a14b5754f (diff)
downloadteliva-46d4438cc4409ab648409bc6dcfdc4eb965a420d.tar.gz
sandbox: another scenario, some UX ideas
I'd originally thought of allowing policies to be influenced by
arbitrary code. But that may be overkill:
  - it's probably not a good idea to allow policies to read/write from file system
  - it's even less a good idea to allow policies to access the network
    - particularly since it's difficult (error-prone) to distinguish GET/POST in arbitrary protocols
  - once you allow file system and network, you're pretty close to owned

So let's first focus on the simplest policy, the one that is easiest to
secure. We'll add capabilities to policies as we gain confidence we can
secure them.
Diffstat (limited to 'manual_tests')
0 files changed, 0 insertions, 0 deletions