Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-07 Thread Calvin Buckley
On Aug 6, 2024, at 3:09 AM, Nick Lockheart wrote: > > > Sand Box: A first class API that allows unit testing of code with mocks > and stubs of other classes or functions, without the need to modify the > class under test. This honestly feels like it's going to be a repeat of safe_mode. What mi

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-07 Thread Pierre Joye
On Wed, Aug 7, 2024, 7:13 PM Nick Lockheart wrote: > > > > So I was thinking about this a bit more and I thought, what if instead > of adding a sandbox as a feature of PHP, what if PHP *was* the sandbox. > > So consider this: > > What if the PHP engine added a C API that lets C/C++ programs not o

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-07 Thread Nick Lockheart
> > > > Introducing a sandbox API for security also opens up a can of worms > > for the security policy. Right now we are assuming an attacker > > model of a remote attacker, and that the code running on your > > server is trusted. But that would change when an official sandbox > > API is introd

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-07 Thread Christoph M. Becker
On 06.08.2024 at 20:59, Niels Dossche wrote: > On 06/08/2024 10:41, Nick Lockheart wrote: >> >> Sandbox: Security >> >> A SandBox has two use cases: >> >> 1. Unit Testing of code with mocks or stubs, and also, allowing testing >> with different environments. >> >> 2. The secure running of 3rd part

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-07 Thread Pierre Joye
On Wed, Aug 7, 2024, 2:11 AM Rob Landers wrote: > > I find this assertion kind of scary from a shared hosting perspective or > even from a 3v4l kind of perspective. How do these services protect > themselves if PHP is inherently insecure? > PHP is not inherently insecure. Not even remotely and q

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-07 Thread Nick Lockheart
On Tue, 2024-08-06 at 20:51 +0200, Rob Landers wrote: > Hey Nick, > > Looking forward to the RFC! > > On Tue, Aug 6, 2024, at 19:28, Nick Lockheart wrote: > > > > > > This looks quite valuable, and I assume auto loading would work > > > just > > > like normal? Register an autoloader that will e

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Niels Dossche
On 06/08/2024 21:05, Rob Landers wrote: > Hey Niels, > > I find this assertion kind of scary from a shared hosting perspective or even > from a 3v4l kind of perspective. How do these services protect themselves if > PHP is inherently insecure? > > — Rob Hi Rob I'm not a sysadmin guy or anyth

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Rob Landers
On Tue, Aug 6, 2024, at 20:59, Niels Dossche wrote: > On 06/08/2024 10:41, Nick Lockheart wrote: > > > > Sandbox: Security > > > > A SandBox has two use cases: > > > > 1. Unit Testing of code with mocks or stubs, and also, allowing testing > > with different environments. > > > > 2. The secur

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Niels Dossche
On 06/08/2024 10:41, Nick Lockheart wrote: > > Sandbox: Security > > A SandBox has two use cases: > > 1. Unit Testing of code with mocks or stubs, and also, allowing testing > with different environments. > > 2. The secure running of 3rd party code inside a 1st party application. > The use-ca

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Rob Landers
Hey Nick, Looking forward to the RFC! On Tue, Aug 6, 2024, at 19:28, Nick Lockheart wrote: > > > > This looks quite valuable, and I assume auto loading would work just > > like normal? Register an autoloader that will eventually require the > > file and call this function? > > > > It would be n

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Nick Lockheart
> > This looks quite valuable, and I assume auto loading would work just > like normal? Register an autoloader that will eventually require the > file and call this function? > > It would be nice to provide a simplified api as well, maybe > “CopyCurrentEnvironment()” or something? In most cases,

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Mike Schinkel
> On Aug 6, 2024, at 2:09 AM, Nick Lockheart wrote: > > Sand Box: A first class API that allows unit testing of code with mocks > and stubs of other classes or functions, without the need to modify the > class under test. > > This is an initial idea of how a Sand Box API could work: > > $oSandb

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Rob Landers
On Tue, Aug 6, 2024, at 10:41, Nick Lockheart wrote: > > Sandbox: Security > > A SandBox has two use cases: > > 1. Unit Testing of code with mocks or stubs, and also, allowing testing > with different environments. > > 2. The secure running of 3rd party code inside a 1st party application. >

Re: [PHP-DEV] [Discussion] Sandbox API

2024-08-06 Thread Nick Lockheart
Sandbox: Security A SandBox has two use cases: 1. Unit Testing of code with mocks or stubs, and also, allowing testing with different environments. 2. The secure running of 3rd party code inside a 1st party application. For the second use case, I will use a fictional blogging software called