- Category: June 2011
A developer’s “sandbox” - sometimes also called a working directory, a test server or development server is where he keeps his individual working copy of the code base and where he builds, tests and debugs the modules he is working on.
Concisely, sandboxing means testing in an environment that isolates untested code changes and outright experimentation from the production environment or repository in the context of software development including Web development and revision control. It protects "live" servers and their data from changes that could be damaging to a mission-critical system or which could simply be difficult to revert, regardless of the intent of the author of those changes.
Sandboxes replicate, at least, the minimal functionality needed to accurately test the programs or other code under development, e.g. usage of the same environment variables as, or access to an identical database to that is used, the stable prior implementation intended to be modified; there are many other possibilities, as the specific functionality needs vary widely with the nature of the code and the application[s] for which it is intended.
The concept of the sandbox is typically built into revision control software such as Concurrent Versions System (CVS) and Subversion (SVN), in which developers "check out" a copy of the source code tree, or a branch thereof, to examine and work on. Only after the developer has, hopefully, fully tested the code changes in their own sandbox would the changes be checked back into and merged with the repository and thereby made available to other developers or end users of the software.
By further analogy, the term "sandbox" can also be applied in computing and networking to other temporary or indefinite isolation areas, such as security sandboxes and search engine sandboxes, that prevent incoming data from affecting a "live" system, or aspects thereof, unless defined requirements or criteria have been met.
Sandboxing has improved security, particularly in the case of Google Chrome, Adobe Reader X, and mobile devices. Chrome implemented a sandbox to protect the browser, Reader X, to encapsulate PDF viewing, and mobile devices to protect apps from interfering with the security of the phone’s underlying operating system and other applications running on the device.
Sandboxing, however, is not a magic bullet, as client-side attacks against sandboxed applications evolve and iOS jailbreaking (removing limitations on an Apple device) has led security researchers to pay close attention to sandbox exploits.