Talk:Sandbox (computer security)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing / Software / Security (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Software (marked as Mid-importance).
Taskforce icon
This article is supported by WikiProject Computer Security (marked as High-importance).

(no header)[edit]

Sandbox é uma caixa ou uma área da memória do computador que alguns dispositivos de segurança , como antivirus por exemplo usam para executar com a autorização do administrador , aqueles programas desconhecidos ou que acabaram de ser baixados da internet evitando assim que ocorram corrupção ou instalação de programas maliciosos. — Preceding unsigned comment added by (talk) 07:16, 11 September 2011 (UTC)

Where is sandbox???????—Preceding unsigned comment added by (talkcontribs) 18:14, 11 October 2005 (UTC)

Do you mean the Wiki sandbox? It's here: Wikipedia:Sandbox—Preceding unsigned comment added by (talkcontribs) 22:15, 1 November 2005 (UTC)

Links to a few software sandboxes and maybe a few reviews wouldn't have been a bad idea.—Preceding unsigned comment added by (talkcontribs) 17:55, 9 April 2006 (UTC)

I found a nice simple one here—Preceding unsigned comment added by (talkcontribs) 08:32, 2 September 2006 (UTC)
If you are looking for a good, objective review of various products, I would suggest that you consult:
You may also wish to add in an interesting Info World article that discusses and summarizes Roger Grimes' documented problems with the sandbox theory - Driver Eight77 (talk) 16:12, 2 April 2009 (UTC)

Paragraph about exceptions[edit]

Rule-based Execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other apps and have access to the net. It also can control file/registry security (What programs can read and write to the file system/registry) As such, viruses and trojans will have a less likely chance of infecting your PC. The SELinux and Apparmor security frameworks are two such implementations for Linux.

This paragraph is rather hard to understand for people who are not skilled in IT. It is also not obvious why this should be an example for a sandbox. Can somebody clarify that please?

-- (talk) 13:36, 5 September 2011 (UTC)

If this article is limited to information that can be understood by IT newbies it would be of little use. The topic is inherently complicated. — Preceding unsigned comment added by (talk) 21:39, 9 December 2011 (UTC)

There are some very informative articles on Wikipedia about other highly technical subjects. If you already know the subject, then you don't need to be reading Wikipedia about it. Wikipedia is specifically FOR newbies to topics which people are unfamiliar with. If it wasn't then there wouldn't be any reason to have Wikipedia in the first place. QuintBy (talk) 02:14, 4 August 2013 (UTC)


What do you think about include references to "Unix chroot"? Valerio Bozzolan (talk) 16:47, 26 January 2014 (UTC)

Difference between a "sandbox" and a "container"[edit]

AFAIK, a sandbox is always for one single application, while a container is for multiple applications. Any other input? User:ScotXWt@lk 22:04, 27 June 2014 (UTC)

Well, they're similar yet different... "Sandbox" comes from the "old shool" days and it's pretty much associated with chrooting a process, for example. On the other hand, "container" is a newer term, usually associated with operating system–level virtualization. Setups created as sandboxes usually aren't meant to be moved between different hosts, while containers are pretty much made to be easily moved around.
Also, I wouldn't say that sandbox is for one application while a container is for multiple applications. You usually want one application per sandbox or container, as isolating one application is the key; however, nothing puts such restrictions. Though, it also depends what's taken as a single application; for example, a LAMP stack can be treated as one or as many applications. — Dsimic (talk | contribs) 07:53, 2 July 2014 (UTC)

One external link which could be used as a source[edit] and its subpages, especially the FAQ. --Jerome Potts (talk) 20:33, 29 January 2015 (UTC)

Other technologies to mention[edit]

There are a couple of technologies similar to seccomp. An example is capsicum on FreeBSD and pledge on OpenBSD. CloudABI appears to be a similar system. Maybe someone with more insight can add them to the article?--Athaba (talk) 14:09, 10 January 2016 (UTC)