Sandbox (computer security)

From Wikipedia, the free encyclopedia

For the Wikipedia feature, where newcomers can experiment with editing, see Wikipedia:Sandbox.

In computer security, a sandbox is a security mechanism for safely running programs. It is often used to execute untested code, or programs from unverified third parties, suppliers and untrusted users.

The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access and the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.
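The resource side of this can be illustrated with a short added example (not part of the original article) that runs a guest Python snippet as a child process with capped memory, CPU time and file size, inside a throwaway scratch directory. It assumes a Unix host; the names `run_guest` and `_cap` are hypothetical, and these limits alone do not restrict network access or visibility of the host file system, which needs an operating-system mechanism such as a jail or virtual machine.

```python
import resource
import subprocess
import sys
import tempfile

MiB = 1024 * 1024


def _cap(kind, value):
    """Lower one rlimit without asking for more than the current hard limit."""
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))


def run_guest(code, mem=512 * MiB, cpu_seconds=2, file_bytes=1 * MiB, wall=10):
    """Run Python source `code` as a resource-limited child and return the result."""
    def apply_limits():
        # Runs in the child between fork() and exec(), so only the guest is limited.
        _cap(resource.RLIMIT_AS, mem)            # address space (memory)
        _cap(resource.RLIMIT_CPU, cpu_seconds)   # CPU time in seconds
        _cap(resource.RLIMIT_FSIZE, file_bytes)  # largest file the guest may write
        _cap(resource.RLIMIT_CORE, 0)            # no core dumps left on disk

    with tempfile.TemporaryDirectory(prefix="guest-") as scratch:
        return subprocess.run(
            [sys.executable, "-I", "-c", code],  # -I: isolated interpreter mode
            cwd=scratch,                 # scratch space, deleted when the guest exits
            env={},                      # nothing inherited from the host environment
            stdin=subprocess.DEVNULL,    # no access to the caller's input
            capture_output=True,
            text=True,
            timeout=wall,                # wall-clock backstop for a sleeping guest
            preexec_fn=apply_limits,
        )


if __name__ == "__main__":
    # Constructed guest snippets: one well behaved, two that exceed a limit.
    guests = {
        "benign": "print('hello from the guest')",
        "memory hog": "x = bytearray(1024 ** 3)",
        "disk filler": "open('big', 'wb').write(b'x' * (4 * 1024 * 1024))",
    }
    for name, src in guests.items():
        result = run_guest(src)
        lines = result.stderr.strip().splitlines()
        print(f"{name}: exit={result.returncode} {lines[-1] if lines else ''}")
```
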

Some examples of sandboxes are:

  • Applets are self-contained programs that run in a virtual machine or scripting language interpreter that does the sandboxing. This arrangement is popular in web browsers, which use this mechanism to safely execute applets embedded in untrusted web pages. Java applets in particular are provided (at minimum) a rectangle of screen space with which to interact with the user and some persistent storage (at the user's permission).
  • Jails are a special kind of resource limit imposed on programs by the operating system.
  • Virtual machines emulate a complete host computer, on which an entire operating system can run. The guest operating system is sandboxed in the sense that it does not run natively on the host and can only affect it through the intermediary emulator and its effect upon shared resources, such as hard disk space.
  • Application streaming solutions sandbox applications on a client machine.
  • Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs have the ability to do specific things based on what capabilities (usually represented as opaque tokens) they hold.
  • XAML Browser Applications are programs that can run within Microsoft Internet Explorer and have little or no access to system elements.

The term "sandbox" is also used much more generally in computing to refer to a testing environment for software (including websites) and even content development; see the sandbox (software development) article for this broader usage.
