Easiest way to make it safe is
1) Run it in a container
2) Isolate it through a reverse proxy, probably nginx
This doesn't make it safe. It can still be exploited and used to join a botnet, as a proxy, to mine cryptocurrency, to spy on requests or redirect users to malicious websites or phish them, to host malware...
Maybe but at least the damage is isolated … can always just restart container
Also I’m curious how a bonnet can get through a container … outgoing connections should be blocked by default
3) Deploy on a cloud provider’s managed Kubernetes behind a WAF. Now it’s web scale!
This doesn't make it safe. It can still be exploited and used to join a botnet, as a proxy, to mine cryptocurrency, to spy on requests or redirect users to malicious websites or phish them, to host malware...
Maybe but at least the damage is isolated … can always just restart container
Also I’m curious how a bonnet can get through a container … outgoing connections should be blocked by default
3) Deploy on a cloud provider’s managed Kubernetes behind a WAF. Now it’s web scale!