On Aug 6, 2024, at 3:09 AM, Nick Lockheart wrote:
>
>
> Sand Box: A first class API that allows unit testing of code with mocks
> and stubs of other classes or functions, without the need to modify the
> class under test.
This honestly feels like it's going to be a repeat of safe_mode.
What mi
On Wed, Aug 7, 2024, 7:13 PM Nick Lockheart wrote:
>
>
>
> So I was thinking about this a bit more and I thought, what if instead
> of adding a sandbox as a feature of PHP, what if PHP *was* the sandbox.
>
> So consider this:
>
> What if the PHP engine added a C API that lets C/C++ programs not o
> >
> > Introducing a sandbox API for security also opens up a can of worms
> > for the security policy. Right now we are assuming an attacker
> > model of a remote attacker, and that the code running on your
> > server is trusted. But that would change when an official sandbox
> > API is introd
On 06.08.2024 at 20:59, Niels Dossche wrote:
> On 06/08/2024 10:41, Nick Lockheart wrote:
>>
>> Sandbox: Security
>>
>> A SandBox has two use cases:
>>
>> 1. Unit Testing of code with mocks or stubs, and also, allowing testing
>> with different environments.
>>
>> 2. The secure running of 3rd part
On Wed, Aug 7, 2024, 2:11 AM Rob Landers wrote:
>
> I find this assertion kind of scary from a shared hosting perspective or
> even from a 3v4l kind of perspective. How do these services protect
> themselves if php is inherently insecure?
>
php is not inherently insecure. not even remotely and q
On Tue, 2024-08-06 at 20:51 +0200, Rob Landers wrote:
> Hey Nick,
>
> Looking forward to the RFC!
>
> On Tue, Aug 6, 2024, at 19:28, Nick Lockheart wrote:
> > >
> > > This looks quite valuable, and I assume auto loading would work
> > > just
> > > like normal? Register an autoloader that will e
On 06/08/2024 21:05, Rob Landers wrote:
> Hey Niels,
>
> I find this assertion kind of scary from a shared hosting perspective or even
> from a 3v4l kind of perspective. How do these services protect themselves if
> php is inherently insecure?
>
> — Rob
Hi Rob
I'm not a sysadmin guy or anyth
On Tue, Aug 6, 2024, at 20:59, Niels Dossche wrote:
> On 06/08/2024 10:41, Nick Lockheart wrote:
> >
> > Sandbox: Security
> >
> > A SandBox has two use cases:
> >
> > 1. Unit Testing of code with mocks or stubs, and also, allowing testing
> > with different environments.
> >
> > 2. The secur
On 06/08/2024 10:41, Nick Lockheart wrote:
>
> Sandbox: Security
>
> A SandBox has two use cases:
>
> 1. Unit Testing of code with mocks or stubs, and also, allowing testing
> with different environments.
>
> 2. The secure running of 3rd party code inside a 1st party application.
>
The use-ca
Hey Nick,
Looking forward to the RFC!
On Tue, Aug 6, 2024, at 19:28, Nick Lockheart wrote:
> >
> > This looks quite valuable, and I assume auto loading would work just
> > like normal? Register an autoloader that will eventually require the
> > file and call this function?
> >
> > It would be n
>
> This looks quite valuable, and I assume auto loading would work just
> like normal? Register an autoloader that will eventually require the
> file and call this function?
>
> It would be nice to provide a simplified api as well, maybe
> “CopyCurrentEnvironment()” or something? In most cases,
> On Aug 6, 2024, at 2:09 AM, Nick Lockheart wrote:
>
> Sand Box: A first class API that allows unit testing of code with mocks
> and stubs of other classes or functions, without the need to modify the
> class under test.
>
> This is an initial idea of how a Sand Box API could work:
>
> $oSandb
On Tue, Aug 6, 2024, at 10:41, Nick Lockheart wrote:
>
> Sandbox: Security
>
> A SandBox has two use cases:
>
> 1. Unit Testing of code with mocks or stubs, and also, allowing testing
> with different environments.
>
> 2. The secure running of 3rd party code inside a 1st party application.
>
Sandbox: Security
A SandBox has two use cases:
1. Unit Testing of code with mocks or stubs, and also, allowing testing
with different environments.
2. The secure running of 3rd party code inside a 1st party application.
For the second use case, I will use a fictional blogging software
called
Sand Box: A first class API that allows unit testing of code with mocks
and stubs of other classes or functions, without the need to modify the
class under test.
This is an initial idea of how a Sand Box API could work:
$oSandbox = new SPLSandBox();
$oSandbox->MockFunction('\mocks\fopen','\fop
15 matches
Mail list logo
