Microsoft Jumps Into the Open-Source Sandbox


Microsoft has released the source code for its Sandbox virtualization technology, offering Web developers a new method for protecting the contents of a Web page from malicious exploits and code injections.  The project has been released under the Apache 2.0 license, a source no doubt familiar to Microsoft, as the company began sponsoring the Apache Software Foundation to the tune of $100,000 annually last July.

While the Apache Software Foundation isn't sponsoring or endorsing Sandbox--Microsoft's just using the software license--the move is nevertheless the second time Apache and Microsoft are tangling up this year.  Microsoft announced its intentions to donate code to Apache's Stonehenge project on January 19.

We've explored Microsoft's increased interest in the world of open-source solutions before. Even though it's not quite ready for primetime deployment, Open Source Community Manager Peter Galli says that Sandbox is designed to help increase the security of a Web site's foundation in the hopes of driving increased Web innovation.  As for releasing the project under the Apache 2.0 license, he had this to say :

"The goal? An open and interoperable standard that will help foster interoperability with complementary technologies like script frameworks and drive widespread adoption of the Web Sandbox."

Microsoft first released Sandbox to the masses at the company's Professional Developers Conference in October of last year. You can tinker around with it yourself via Microsoft's Live Labs gateway . As you'll see, this JavaScript virtual machine is designed to prevent third-party scripts from affecting other code on a Web page.  This is especially important given the high propensity of scripts that could be running on a single, "mash-up" Web page, as Microsoft refers to them.  Were one script in this scenario to somehow become malicious or undergo some kind of error, it would have the potential to harm your users or, in the latter example, crash the entire Web page.  Here's where the importance of Sandbox comes into play, suggests Microsoft :

"The Sandbox allows you to embrace the existing W3C HTML document, ECMA JavaScript, and DOM programming models. You build an HTML page and it is automatically isolated and secured from the surrounding environment. Your component has its own unique document object model, isolated sub-tree, and namespace with automatic support for multiple-instancing and quality of service protections. This all happens transparently, allowing you to focus on developing against the W3C-based standards (e.g., event models, etc). The virtual machinery of the Sandbox manages the browser differences on your behalf."

Around the web

by CPMStar (Sponsored) Free to play