Re: Sandbox [message #182079 is a reply to message #182078] Fri, 05 July 2013 16:53
Jerry Stuckle
On 7/5/2013 12:24 PM, J.O. Aho wrote:
> On 05/07/13 14:25, Jerry Stuckle wrote:
>> On 7/5/2013 7:38 AM, sanjayrathod273(at)gmail(dot)com wrote:
>>> Hey guys, help me
>>>
>>> I want to use sandbox for my site's security. Below is the link of the
>>> method which I want to use http://php.net/manual/en/runkit.sandbox.php.
>>>
>>> But when I run the code of that page it says sandbox class not
>>> defined.
>>> So can anyone guide me through this step by step?
>>> Please help me, my site has gone down due to hacking. I want to use it for this
>>> site
>>> http://web.guru99.com/demo-editor-php/
>>>
>>
>> Look at the documentation - you need the runkit PECL class. But that
>> has not been updated for seven years and will not compile with PHP
>> versions > 5.2. It looks like you're out of luck.
>>
>> But then while I think what you're trying to do is admirable, I don't
>> think you'll be able to stop hacking without pretty much crippling your
>> users. Anyone developing (or learning) PHP should have their own
>> development environment, anyway.
>>
>
> There are other options to "sandbox" the users. suExec will give you
> some capabilities, and then you can also run Apache in a chroot
> environment. This way you can limit the access through the webserver to
> the rest of the server environment and limit the sites from accessing
> each other's data. I usually apply suhosin to PHP and set a bit of
> limitation that way too. To do all that you of course need a Linux/Unix
> server.
>

Yes, but look at his site. He's trying to create an online PHP executor
for people to use. Your suggestions won't help there - it's impossible
to use them to limit access to the files from user-developed code
(evidently executed with eval()) while still making it available to the
installed code.

And limiting things like file functions in his php.ini file will not
only limit the functions for user-developed code, but for the code on
the site itself.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
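
The point made in the reply above, that php.ini-level limits bind the whole PHP process and therefore the site's own code as much as code run through eval(), can be checked with a short script. This is an added example, not code from the thread: `$userCode` is a constructed stand-in for submitted code, and the script assumes a Unix-like host, a location outside the system temp directory, and being started as `php -d disable_functions=file_get_contents demo.php` (the file name is arbitrary).

```php
<?php
// Added illustration, not code from the thread.
// Run: php -d disable_functions=file_get_contents demo.php
// Assumes a Unix-like host and that this script lives outside sys_get_temp_dir().

$show = function ($value) { return var_export($value, true); };

// Constructed stand-in for code a visitor submits to the online executor.
$userCode = 'return function_exists("file_get_contents");';

// 1. disable_functions is read once at startup and covers the whole process:
//    the site's own code and the eval()'d code see the same function table.
$siteCanRead = function_exists('file_get_contents');
$userCanRead = eval($userCode);
printf("file_get_contents usable: site=%s, eval=%s\n",
    $show($siteCanRead), $show($userCanRead));

// 2. It is a php.ini-only setting, so it cannot be switched on just for the
//    eval() call: ini_set() returns false for it.
$accepted = ini_set('disable_functions', 'fopen') !== false;
printf("runtime change of disable_functions accepted: %s\n", $show($accepted));

// 3. open_basedir can be tightened at run time, but again only process-wide.
$before = is_readable(__FILE__);
ini_set('open_basedir', sys_get_temp_dir());    // meant to confine the eval() below
$userSees = eval('return @is_readable(' . var_export(__FILE__, true) . ');');
$siteSees = @is_readable(__FILE__);             // the site's own code, after the eval()
printf("script readable: before=%s, eval=%s, site afterwards=%s\n",
    $show($before), $show($userSees), $show($siteSees));

// 4. Once tightened it cannot be loosened for the rest of the request, so the
//    installed code stays confined together with the user code.
$restored = ini_set('open_basedir', '/') !== false;
printf("loosening open_basedir accepted: %s\n", $show($restored));
```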