What is sandboxing?

Question

I have read the Wikipedia article, but I am not really sure what it means, and how similar it is to version control.

It would be helpful if somebody could explain in very simple terms what sandboxing is.

Answer 1

More often we refer to the other sandbox.

---

In anyway, sandbox often mean an isolated environment. You can do anything you like in the sandbox, but its effect won't propagate outside the sandbox. For instance, in software development, that means you don't need to mess with stuff in /usr/lib to test your library, etc.

Answer 2

This definition of sandboxing basically means having test environments (developer integration, quality assurance, stage, etc). These test environments mimic production, but they do not share any of the production resources. They have completely separate servers, queues, databases, and other resources.

More commonly, I've seen sandboxing refer to something like a virtual machine -- isolating some running code on a machine so that it can't affect the base system.

Answer 3

For the "sandbox" in software development, it means to develop without disturbing others in an isolated way.

It is not similiar to version control. But some version control (as branching) method can help making sandboxes.

Answer 4

For a concrete example: suppose you have an application that deals with money transfers. In the production environment, real money is exchanged. In the sandboxed environment, everything runs exactly the same, but the money is virtual. It's for testing purposes.

Paypal offers such a sandboxed environment, for example.

Answer 5

A sandpit or sandbox is a low, wide container or shallow depression filled with sand in which children can play. Many homeowners with children build sandpits in their backyards because, unlike much playground equipment, they can be easily and cheaply constructed. A "sandpit" may also denote an open pit sand mine.

Well, A software sandbox is no different that a sandbox built for a child to play. By providing a sandbox to a child we simulate the environment of real play ground (in other words an isolated environment) but with restrictions on what a child can do. Because we don't want child to get infected or we don't want him to cause trouble to others. :) What so ever the reason is, we just want to put restrictions on what child can do for Security Reasons.

Now coming to our software sandbox, we let any software(child) to play (execute) but with some restrictions over what it (he) can do. We can feel safe & secure about what the executing software can do.

You've seen & used Antivirus software. Right? It is also a kind of sandbox. It puts restrictions on what any program can do. When a malicious activity is detected, it stops and informs user that "this application is trying to access so & so resources. Do want to allow?".

Download a program named sandboxie and you can get an hands on experience of a sandbox. Using this program you can run any program in controlled environment.

Now from programmer's point of view, sandbox is restricting the API that is allowed to the application. In the antivirus example, we are limiting the system call (operating system API).

Another example would be online coding arenas like topcoder. You submit a code (program) but it runs on the server. For the safety of the server, They should limit the level of access of API of the program. In other words, they need to create a sandbox and run your program inside it.

If you have a proper sandox you can even run a virus infected file and stop all the malicious activity of the virus and see for yourself what it is trying to do. In fact, this will be first step of Antivirus researcher.