On 2 December 2016 19:17:36 GMT+00:00, sherwood@xxxxxxxxxxxxx wrote:
>I have developed and operated a Linux-Apache-MySQL-PHP service for
>several years. A new feature requires support for simple, user-defined
>functions, to return values used by the service. Here, we’re talking
>about front-end users on the internet, with some vetting, and typically
>with some software engineering experience. I’ve been thinking about
>security and support issues of course.
>
>Current plans are to offer a subset of PHP for the user-defined
>functions: Submitted functions would be scanned, and only allowed
>functions and keywords would be supported. Variable functions would be
>disallowed, etc. Does anyone have experience or advice regarding this
>type of approach?
>
>Thanks,
>George Sherwood
>
>These references describe the feature:
>http://testcover.com/pub/background/ecbecc.pdf
>http://testcover.com/pub/background/iwct2015.pdf
>http://testcover.com/pub/background/iwct2016.pdf

Even with the best of intentions, this sounds fraught with potential security flaws. What sorts of things do you want them to be able to do? Is it feasible to offer them basic building blocks which can be connected to each other, e.g. graphical programming style?

Thanks,
Ash

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
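
The scan described in the quoted message (only allowed functions and keywords, variable functions disallowed) can be built on PHP's tokenizer rather than on pattern matching. The following is an added example, not code from either poster; the function name `scan_user_function` and the contents of the allowlists are assumptions chosen for illustration.

```php
<?php
// Added example. The allowlists are assumptions chosen for illustration.
const ALLOWED_FUNCTIONS = ['abs', 'min', 'max', 'round', 'floor', 'ceil', 'intdiv'];
const ALLOWED_LITERALS  = ['true', 'false', 'null'];
const ALLOWED_TOKENS = [
    T_OPEN_TAG, T_VARIABLE, T_LNUMBER, T_DNUMBER, T_STRING, T_IF, T_ELSE, T_ELSEIF,
    T_RETURN, T_IS_EQUAL, T_IS_NOT_EQUAL, T_IS_IDENTICAL, T_IS_NOT_IDENTICAL,
    T_IS_SMALLER_OR_EQUAL, T_IS_GREATER_OR_EQUAL, T_BOOLEAN_AND, T_BOOLEAN_OR,
];
// Single-character tokens. Absent on purpose: '$' (variable variables), '[' (array
// callables), '`' (shell execution), '.', '&', '@', '"'.
const ALLOWED_CHARS = ['(', ')', '{', '}', ';', ',', '=', '+', '-', '*', '/', '%', '<', '>', '!', '?', ':'];

// Returns a list of violations; an empty list means the body passed the scan.
function scan_user_function(string $body): array
{
    $errors = [];
    // Drop whitespace so $next is the neighbouring significant token.
    $tokens = array_values(array_filter(
        token_get_all('<?php ' . $body),
        fn($t) => !is_array($t) || $t[0] !== T_WHITESPACE
    ));
    foreach ($tokens as $i => $tok) {
        $next = $tokens[$i + 1] ?? null;
        if (!is_array($tok)) {
            if (!in_array($tok, ALLOWED_CHARS, true)) {
                $errors[] = "character '$tok' not allowed";
            } elseif ($tok === ')' && $next === '(') {
                $errors[] = 'call on the result of an expression not allowed';
            }
            continue;
        }
        [$id, $text, $line] = $tok;
        $name = strtolower($text);
        if (!in_array($id, ALLOWED_TOKENS, true)) {
            $errors[] = "line $line: " . token_name($id) . " not allowed";
        } elseif ($id === T_VARIABLE && $next === '(') {
            $errors[] = "line $line: variable function call $text()";
        } elseif ($id === T_STRING && !in_array($name, ALLOWED_FUNCTIONS, true)
            && !in_array($name, ALLOWED_LITERALS, true)) {
            $errors[] = "line $line: identifier $text not allowed";
        }
    }
    return $errors;
}

// Constructed sample submissions.
var_dump(scan_user_function('if ($a > $b) { return max($a, 10); } return abs($b);'));
var_dump(scan_user_function('$f = "system"; return $f($a);'));
```

The scan constrains syntax only; how an accepted body is then executed, and with what limits, is outside this example.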