it's em!•5mo ago

Drop permissions

I'd like to harden my deno app a bit, but specifying permissions manually gets repetitive. Is there a way for me to run with -A, parse my configs, and then drop all permissions I don't need before loading the rest of the app? Ex. the configuration will contain a database path, so I should keep the r/w permissions for that, but not any other files.

2 Replies

marvinh.•5mo ago

No, reversing already given permissions in the same process is not possible. you can limit the read + write permissions to certain files by passing a file path, see https://docs.deno.com/runtime/manual/basics/permissions

cknight•5mo ago

You can also setup a deno task in your deno.json and specify specific permissions there. E.g. in your deno.json you have:

{
  "tasks": {
     "start": "deno run --allow-read=./config.json,./my.db --allow-write=./my.db mod.ts",
   },
}

{
  "tasks": {
     "start": "deno run --allow-read=./config.json,./my.db --allow-write=./my.db mod.ts",
   },
}

Then on the command line you can just do:

deno task start

deno task start

Chat about Deno, a modern runtime for JavaScript and TypeScript.

17KMembers

View on Discord

More Posts

New fresh project comes out of the box with errorsI created a new fresh project on linux, I am using VsCode and im getting many errors although the pr Is there a deno function for inputting prompt reply without pressing enter?Normally, one has to press enter for the input to be accepted. I was wondering if there was a versio Setting Deno.Command priority and affinity (on windows)Is it possible to set a tasks / commands priority and affinity directly? Code: ```ts await new Deno Is there a way to write a Deno.AtomicCheck that succeeds for any non-null versionstamp?You can write a Deno.AtomicCheck that fails if the versionstamp for a key-value pair in the KV store ImportTypeScript API + get value of `compilerOptions` with default options from `tsconfig.json`?Hello, I'm trying to figure out the proper way to do a few things: 1. What's the correct way to imp How to override the version from a dependency of a project's dependency from npmI'm currently using react-pdf as a dependency, react-pdf uses fontkit as a dependency, and fontkit u How to publish global types with JSR?I was trying to republish my npm package with JSR via npm jsr package. It all went well with one exc Caching results from APIHi, I'm currently working on a project where I get data from an API (https://www.robotevents.com/api INTERNAL_SERVER_ERROR_2 / 500 response codeSeveral clients concurrently reported INTERNAL_SERVER_ERROR_2 with a 500 error on requests to a depl My site seems to be under attackI receive a large amount of request last night. Does this mean my site is under attack...?