Know that, but when you _need_ it ?
It would have to be safe. Really safe. And I doubt that you could do it without a lot of work. Especially from module maintainers. More than can be put into it without delaying PHP5 another year.
PHP5 has integrated tidy, so let this (X)HTML check be done by the application designer,
Very dangerous as it will give a false sense of security. And that's even more dangerous than no sandbox at all IMHO, because without the sandbox you _know_ that you have to be careful.
HTML Tidy would certainly help but is just one little piece of the puzzle. Like safe_mode is.
> If code inside sandbox will connect to database as another user (or better, to another
> database), there is very simple way, just using proper SQL GRANT/REVOKE by application
> designer and it keeps vital data completely out of reach for sandboxed code.
> I see no problems here.
And that's where there's more to it than you might realize. Most DBs have SQL constructs which allow you to access data outside the DB. Just take 'LOAD DATA FROM INFILE' or 'SELECT INTO OUTFILE' in MySQL for example. And I'm pretty sure there are a lot more examples if you go through the list of modules.
Every single module would have to be checked for possible exploits, that's quite an undertaking.
I, for one, would not easily trust such an environment; I'd rather find another solution for user-submitted data than feeding it to a general-purpose (and a very mighty one on top) engine.
But maybe you're lucky and one of the core PHP wizards proves me wrong.
Regards,
- Chris

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
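As an added example (not part of the original message), a check an application designer could run over `SHOW GRANTS` output for the sandboxed database account to see whether GRANT/REVOKE really confines it. In MySQL the global FILE privilege is what permits server-side `LOAD DATA INFILE` and `SELECT ... INTO OUTFILE`. The account name, database names and grant lines below are constructed for illustration.

```python
import re

# Constructed SHOW GRANTS output for a hypothetical 'sandbox' account.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'sandbox'@'localhost'",
    "GRANT FILE ON *.* TO 'sandbox'@'localhost'",
    "GRANT SELECT, INSERT ON `sandbox_db`.* TO 'sandbox'@'localhost'",
    "GRANT SELECT (id, name) ON `app_db`.`users` TO 'sandbox'@'localhost'",
    "GRANT UPDATE ON `sandbox_db`.* TO 'sandbox'@'localhost' WITH GRANT OPTION",
]

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+", re.IGNORECASE)

def audit_grants(grant_lines, allowed_db):
    """Return (line, reason) pairs for grants that reach past allowed_db."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            findings.append((line, "unparsed grant, review by hand"))
            continue
        # Drop column lists such as "(id, name)" before splitting on commas.
        privs = re.sub(r"\([^)]*\)", "", m.group("privs")).upper()
        privs = {p.strip() for p in privs.split(",")}
        scope = m.group("scope").replace("`", "")
        db = scope.split(".", 1)[0]
        if scope == "*.*":
            if privs & {"FILE", "ALL", "ALL PRIVILEGES"}:
                # FILE gates LOAD DATA INFILE and SELECT ... INTO OUTFILE.
                findings.append((line, "FILE: server-side file read/write"))
            elif privs != {"USAGE"}:
                findings.append((line, "global privilege"))
        elif db != allowed_db:
            findings.append((line, "database outside sandbox: " + db))
        if "WITH GRANT OPTION" in line.upper():
            findings.append((line, "can pass privileges on"))
    return findings

if __name__ == "__main__":
    for line, reason in audit_grants(SAMPLE_GRANTS, "sandbox_db"):
        print(reason, "<-", line)
```

A clean result only covers the database layer; it says nothing about the other modules the message refers to.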