The Online Encyclopedia and Dictionary
Sandbox (security)

This article is about the computer security model. For other meanings, see sandbox (disambiguation).

In computer security, a sandbox is a safe place for running semi-trusted programs or scripts, often originating from a third party (see sandbox for the origins of this usage of the word). The sandbox security model provides a tightly controlled set of resources for foreign programs to run in, such as a small "scratch space" on the disk and a section of memory in which to carry out instructions. The sandbox may allow some user interaction, and the user may be prompted to allow or disallow certain actions as the program runs.

Some examples of the sandbox security model:

  • In the Java system, most applets are run in a sandbox that provides (at minimum) a rectangle of screen space and optionally some disk space and memory (at the user's permission).
  • On Unix systems, one of the ways to construct a sandbox is to use the chroot command. One common kind of sandbox built this way is known as a chroot jail.
  • Another form of sandboxing is to run a program on a virtual machine emulator: for example, entire operating system environments may be run in a sandbox from within another operating system.
  • Capability-based security systems can be regarded as an extreme form of sandboxing, where the entire system consists of nested sandboxes defined by the current capability state of the system.
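The chroot jail mentioned in the list above, written out as an added example (not code from the original article): the steps that actually close the jail, in the order they must happen. The jail directory and the unprivileged uid/gid of 65534 are assumptions; chroot(2) itself requires root, so the jail is entered first and the privilege is given up afterwards.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter a chroot jail rooted at `jail` and drop to the unprivileged uid/gid.
 * Returns 0 on success, -1 on failure with errno set. Must be called as root,
 * because chroot(2) is a privileged operation. */
int enter_chroot_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {        /* a jail that keeps root is no jail */
        errno = EINVAL;
        return -1;
    }
    /* 1. chroot() changes the root directory but NOT the working directory.
     *    Without the chdir("/") that follows, the process keeps a reference
     *    to a directory outside the new root. */
    if (chroot(jail) != 0)
        return -1;
    if (chdir("/") != 0)
        return -1;
    /* 2. Drop supplementary groups, then the gid, then the uid. Order matters:
     *    once the uid is unprivileged the group changes would fail. */
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* 3. Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* "/var/jail" and 65534 (commonly "nobody") are constructed values. */
    if (enter_chroot_jail("/var/jail", 65534, 65534) != 0) {
        perror("enter_chroot_jail");
        return 1;
    }
    /* From here on "/" is the jail and the process is unprivileged;
     * run the semi-trusted program inside it (here a shell from the jail). */
    execl("/bin/sh", "sh", (char *)NULL);
    perror("execl");
    return 1;
}
```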

Sometimes a sandbox is set up to run programs that are still under development and have the potential to damage the system. These test systems replicate (often in reduced size or capacity) the actual computing environment for which software is being developed. The presence of such a safe, controlled environment allows developers to try experimental code without fear of damaging a mission-critical system.

Last updated: 05-25-2005 16:05:49
The contents of this article are licensed from under the GNU Free Documentation License.