Hey fella's, i thought i would start a thread for once :) Ive got a 'php sandbox', that im encorparating into a simple php tutorial. THe tutorial is much like any php tutoiral, and really, is just for me to get more comfortable using and parsing xml with the dom functions. What i would like to discuss is, the kind of security to apply on the sandbox.
The sanbox is simply and iframe, with designmode turned on, that allows a user to write some code, submit, and that code gets written to a file, and then included again to show the output. I like this method over eval(), for a couple reasons, we can discuss that as well later if you want. One of the nice things about using designmode on an iframe, is that you can use tabs and such for formating your code. You can also easily set the src of the frame to a .phps file, that will display in classic highlighted format the sourcecode. Anywys.. heres the question.. what do you think is the most viable solution for security. 1. run apache in chroot envirnment. 2. run php in safe_mode 3. simply str_replace all filesystem functions with nothing. 4. use the disable_function settings to disable filesystem functions... 5. .all of these 6. none of these.... 7 . other. THanks Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
