PHP sandbox discussion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey fella's, i thought i would start a thread for once :)

Ive got a 'php sandbox', that im encorparating into a simple php
tutorial.  THe tutorial is much like any php tutoiral, and really, is
just for me to get more comfortable using and parsing xml with the dom
functions.  What i would like to discuss is, the kind of security to
apply on the sandbox.  

The sanbox is simply and iframe, with designmode turned on, that allows
a user to write some code, submit, and that code gets written to a
file, and then included again to show the output.  I like this method
over eval(), for a couple reasons, we can discuss that as well later if
you want.  One of the nice things about using designmode on an iframe,
is that you can use tabs and such for formating your code.  You can
also easily set the src of the frame to a .phps file, that will display
in classic highlighted format the sourcecode.  

Anywys.. heres the question.. what do you think is the most viable
solution for security. 
1.  run apache in chroot envirnment.
2.  run php in safe_mode
3.  simply str_replace all filesystem functions with nothing.
4.  use the disable_function settings to disable filesystem functions...

5. .all of these
6. none of these....
7 . other.


THanks
Jason

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux