PS: I'm not sure of the most use case here OR if this would be useful to anyone.
tbh, I'm not totally sure of the rationale behind sandboxing the configurations, but while working with the tool, I've found it a bit difficult to do a few things, e.g. dynamically configure my database.
One of the 12factor best practices is to store configurations in the environment, but when the context of the environment is missing, it becomes a bit difficult to migrate things, especially when you want to keep things clean and don't want to ship any of dev config to prod, i.e. with `config/production.js` and `config/development.js`.
I'm not too sure of the most use case here, but I've found it easier to just allow access to the process (env, cwd, etc.) from the config. Although in the long run, I'd prefer the js config files not being placed within a sandboxed environment though.
As for security, like I've said, I'm not totally sure of the most use case here; however, if the purpose of the sandbox is to prevent a malicious attacker from gaining access, I think the purpose is probably already defeated if plugins are not loaded within the sandbox, because I'd assume any attacker that can launch within the context of the config would probably already be able to launch anywhere else.