A real sandbox mechanism is not likely to be implemented, at least, not for a very long time.
Having needed something like this myself for a commercial project in the past, I settled on a "user-space sandbox" using the tokenizer extension to parse the code and filter out unsafe functions, rewrite "new" statements to prevent instantiation of certain classes, rewrite access to global variables and so on. Unfortunately, I don't own the code, so I cannot make it available. However, the thing to remember is that you can never make it 100% secure if you are executing anything that came from outside of your program. --Wez. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
