FUDforum: comp.lang.php

Home » Imported messages » comp.lang.php » Sandbox

Show: Today's Messages :: Polls :: Message Navigator

Re: Sandbox [message #182079 is a reply to message #182078]

Fri, 05 July 2013 16:53

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma:

Senior Member

On 7/5/2013 12:24 PM, J.O. Aho wrote:
> On 05/07/13 14:25, Jerry Stuckle wrote:
>> On 7/5/2013 7:38 AM, sanjayrathod273(at)gmail(dot)com wrote:
>>> HEy guys Help me
>>>
>>> I want to use sandbox for my site's security. below is the link of
>>> method which i want to use http://php.net/manual/en/runkit.sandbox.php.
>>>
>>> but when i am run the code of that page it says sandbox class not
>>> defined.
>>> so anyone can guide me through this step by step.
>>> Please help me my site has down due to hacking. i want to use for this
>>> site
>>> http://web.guru99.com/demo-editor-php/
>>>
>>
>> Look at the documentation - you need the runkit PECL class. But that
>> has not been updated for seven years and will not compile with PHP
>> versions > 5.2. It looks like you're out of luck.
>>
>> But then while I think what you're trying to do is admirable, I don't
>> think you'll be able to stop hacking without pretty much crippling your
>> users. Anyone developing (or learning) PHP should have their own
>> development environment, anyway.
>>
>
> There are other options to "sandbox" the users, suExec will give you
> some capabilities and then on you can also run the apache in a chroot
> environment. This way you can limit the access through the webserver to
> the rest of the server environment and limit the sites from accessing
> each others data. I usually apply the suhosin to the php and set a bit
> limitation that way too. Doing all that you need of course a Linux/Unix
> server.
>

Yes, but look at his site. He's trying to create an online PHP executor
for people to use. Your suggestions won't help there - it's impossible
to use them to limit access to the files from user-developed code
(evidently executed with eval()) while still making it available to the
installed code.

And limiting things like file functions in his php.ini file will not
only limit the functions for user-developed code, but for the code on
the site itself.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

[Message index]

		Sandbox By: sanjayrathod273 on Fri, 05 July 2013 11:38
		Re: Sandbox By: Jerry Stuckle on Fri, 05 July 2013 12:25
		Re: Sandbox By: J.O. Aho on Fri, 05 July 2013 16:24
		Re: Sandbox By: Jerry Stuckle on Fri, 05 July 2013 16:53
		Re: Sandbox By: J.O. Aho on Fri, 05 July 2013 17:33
		Re: Sandbox By: Denis McMahon on Fri, 05 July 2013 18:23
		Re: Sandbox By: Jerry Stuckle on Fri, 05 July 2013 19:07
		Re: Sandbox By: J.O. Aho on Fri, 05 July 2013 19:20

Previous Topic:	tracking IP's
Next Topic:	mysqli --- who does the switching?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Thu Nov 28 08:26:10 GMT 2024

Total time taken to generate the page: 0.04635 seconds