rink for untrusted input

[Kezii]

I'm exposing rink over the internet to untrusted users, regarding #88, but in general, is in an objective for rink to become resilient against attacks in the future, or should I avoid doing this?

[tiffany352]

Yeah, I'd eventually like to re-add built in sandboxing support.

Aside from currently not protecting against time/memory overuse, rink does have a few design goals/non-goals that help with security:

• It's not turing complete and I have no plans to make it so. There's no control flow, recursion, backreferences, etc. that would allow for it. Queries can still take arbitrarily large (but finite) time and memory to finish though.
• There's no way to access shell commands, files, network resources, etc. from within the rink syntax, and I don't plan to ever add it.
• Being written in rust, there's negligible risk for buffer overflows or other exploits.

If you run rink in a child process with restrictions on execution time and memory usage, it should be safe against malicious input. If there's any reason it's not, I'll consider that a security bug and fix it.