zlacker

While sandboxing is definitely more secure... Why not put a global deny on .env-like filename patterns as a first measure?