#Html with php sandbox code
Where executing of 3rd party code inside of some application is needed. So I suggest to add a simple sandboxĬapability to PHP language, that help avoid security risk in situations I see it is not possible for some security raesons. Of code snipplets from untrusted users and do it as secure as possible. I have been forced to create PHP application that need inside execution PS: Execuse my bad language, English is not my native.įrom: ing.Martin Prášek [mailto: Saturday, Decem1:12 PM It may add several bennefits for gerneral PHP security too.What do you think ? I thing that suggested things adds a simple to use, but yet secure and flexibile capabilities for executing "not so trusted" third party code inside any PHP aplication. $resource_available = list of openned resources, that are available inside a sandbox. $scope_read = like $global_read,but for current scope $global_write = list of global variables, that are writable inside a sandbox $global_read = list of global variables, that are readable inside a sandbox $path = from where in filesystem code inside a sandbox can read/write/include other files I suggest, that code, what will be run inside a sandbox will have no way to acces resources (open files, db connection etc) from outside of the sandbox,will have a limited (ie strictly defined) acces to current global and local scope variablers and may be other security checks too.Ĭreate_sandbox($path,$global_read,$global_write,$scope_read,$scope_write,$resource_available)įunction that define sandbox and set its parameters.Parameters of the sandbox describes what from outside sandbox will be available inside. So I suggest to add a simple sandbox capability to PHP language, that help avoid security risk in situations where executing of 3rd party code inside of some application is needed. I have been forced to create PHP application that need inside execution of code snipplets from untrusted users and do it as secure as possible.
0 kommentar(er)
