> From: ing.Martin Prášek [mailto:[EMAIL PROTECTED]
> Sent: Saturday, December 20, 2003 1:12 PM
> Sandbox ?
>
> I have been forced to create a PHP application that needs inside execution
> of code snippets from untrusted users and do it as secure as possible.
> I see it is not possible for some security reasons (db
> connection, resources etc.). So I suggest to add a simple sandbox
> capability to PHP language, that help avoid security risk in situations
> where executing of 3rd party code inside of some application is needed.
<snip>

While syntactically not ideal, here is a very flexible example to build off:
http://www.rubycentral.com/book/taint.html

BTW: if PHP wants to be the ultimate template engine it needs such a feature. Due to PHP's flexibility it's really hard to check the source for potentially dangerous code, so if you allow users to edit/add templates to your system you have to trust them all the way if you are going to include/require those templates instead of simply pushing data into them and then echo'ing them.

Regards,
Lukas

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
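The difference between include/require-ing a user-edited template and pushing data into it, as an added example that is not part of the original message or of PHP itself. The function name `render_template()`, the `{{name}}` placeholder syntax and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Render an untrusted template as inert text: only {{name}} placeholders
 * are substituted, and the template is never passed to include, require
 * or eval, so PHP tags inside it are not executed.
 * render_template() and the {{name}} syntax are assumptions of this example.
 */
function render_template(string $template, array $data): string
{
    $out = preg_replace_callback(
        '/\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/',
        static function (array $m) use ($data): string {
            // Unknown placeholders render as empty rather than leaking
            // the raw marker or raising a notice.
            if (!array_key_exists($m[1], $data)) {
                return '';
            }
            // Values are data, not markup: escape them for HTML output.
            return htmlspecialchars(
                (string) $data[$m[1]],
                ENT_QUOTES | ENT_SUBSTITUTE,
                'UTF-8'
            );
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('template substitution failed');
    }
    return $out;
}

// Constructed sample input: a template carrying a PHP payload, and a value
// that tries to smuggle in markup and a second placeholder.
$template = "Hello {{user}}, <?php system('id'); ?> order {{order_id}} shipped.";
$data = ['user' => '<b>Eve</b> {{order_id}}', 'order_id' => 1234];

echo render_template($template, $data), "\n";
```

The PHP tag in the template reaches the output as literal text because the template is only ever handled as a string, and the substituted value is not rescanned for placeholders. The template's own HTML is passed through unchanged, so this addresses server-side code execution only, not markup the template author writes.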