Re: [PHP-DEV] PHP in a Hyper-secure environment

2001-08-10 Thread John Lim

I would suggest using a template class such as Smarty - then you only allow
a limited set of PHP functions to be used which you can define.

See http://www.phpinsider.com/php/code/Smarty/

Regards, John

"James Moore" <[EMAIL PROTECTED]> wrote in message
news:008101c1218f$805664b0$c04c01d5@hound...
> Any chance of writing your complex functions in C? Then you can do exactly
> what you want.
>
> - James
> - Original Message -
> From: "Howie Oakes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Friday, August 10, 2001 2:55 PM
> Subject: Re: [PHP-DEV] PHP in a Hyper-secure environment
>
>
> > Hello-
> >
> > I realize I can have per-directory settings, however the issue is that I
> > want a web developer to be able to use a simplified version of PHP on a
> > page, yet still be able to call encoded functions that have access to the
> > full version of PHP, without allowing them direct access to that code.
> >
> > I had a crazy thought...Could I set up PHP to parse the page twice? One
> > time looking for my complex functions prefixed with a special name...using a
> > full version of PHP, and then parse it a second time running all the
> > "regular" PHP code?
> >
> > -Howie
> >
> >
> > >
> > >> Does anyone have any ideas? I basically want to run 2 versions of PHP at
> > >> the same time, and access them from the same page. If you zend encode a
> > >> script, can I get it to refer to a different php.ini? Is the php.ini file
> > >> read when a script is executed, or does it get read only when you start
> > >> apache?
> > >
> > >If you are running Apache, you can use the .htaccess file to pass settings
> > >to individual directories; for an example see:
> > >
> > > http://iki.fi/heko/utils/conf/dot-files/dot-htaccess
> > >
> > >The php.ini file is only read once per server startup.
> > >
> > >
> > >
> > >
> >
> >
> > --
> > PHP Development Mailing List <http://www.php.net/>
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
>



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
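
The allow-list approach suggested in the message above, as an added example (not Smarty's code and not from the thread): web authors write tags, and a trusted renderer dispatches only to functions on a list you define. The tag syntax, `render_template`, `ALLOWED_TAGS` and `acct_balance` are hypothetical; assumes PHP 7.1 or later.

```php
<?php
// Added example: names and tag syntax are hypothetical, not Smarty's.

// Stand-in for a trusted, source-controlled script that needs full PHP.
// The account data is constructed for this example.
function acct_balance(string $id): string
{
    $balances = ['1001' => '2500.00', '1002' => '17.35'];
    return $balances[$id] ?? 'n/a';
}

// Allow-list you define: tag name => [function to call, argument count].
const ALLOWED_TAGS = [
    'upper'   => ['strtoupper', 1],
    'balance' => ['acct_balance', 1],
];

// Renders author-supplied text. The text is only pattern-matched; it is
// never passed to eval() or include, so PHP code inside it is not executed.
function render_template(string $tpl, array $allowed = ALLOWED_TAGS): string
{
    // A tag is {name arg ...}; arguments are limited to [A-Za-z0-9_.-].
    $pattern = '/\{(\w+)((?:\s+[\w.\-]+)*)\s*\}/';
    return (string) preg_replace_callback($pattern, function (array $m) use ($allowed): string {
        $name = strtolower($m[1]);
        $args = preg_split('/\s+/', trim($m[2]), -1, PREG_SPLIT_NO_EMPTY);
        if (!isset($allowed[$name])) {
            return '[blocked: ' . $name . ']';   // not on the list: refuse
        }
        [$fn, $argc] = $allowed[$name];
        if (count($args) !== $argc) {
            return '[bad arguments: ' . $name . ']';
        }
        // Escape the result so helper output cannot inject markup.
        return htmlspecialchars((string) $fn(...$args), ENT_QUOTES);
    }, $tpl);
}

// Constructed sample of what a web author might write.
$page = '<p>Hello {upper howie}, balance: {balance 1001}. {system id}</p>';
echo render_template($page), "\n";
```

The renderer and helpers belong in the trusted code base; author pages are read as data (for example with `file_get_contents()`) rather than executed.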




Re: [PHP-DEV] PHP in a Hyper-secure environment

2001-08-10 Thread James Moore

Any chance of writing your complex functions in C? Then you can do exactly
what you want.

- James
- Original Message -
From: "Howie Oakes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, August 10, 2001 2:55 PM
Subject: Re: [PHP-DEV] PHP in a Hyper-secure environment


> Hello-
>
> I realize I can have per-directory settings, however the issue is that I
> want a web developer to be able to use a simplified version of PHP on a
> page, yet still be able to call encoded functions that have access to the
> full version of PHP, without allowing them direct access to that code.
>
> I had a crazy thought...Could I set up PHP to parse the page twice? One
> time looking for my complex functions prefixed with a special name...using a
> full version of PHP, and then parse it a second time running all the
> "regular" PHP code?
>
> -Howie
>
>
> >
> >> Does anyone have any ideas? I basically want to run 2 versions of PHP at
> >> the same time, and access them from the same page. If you zend encode a
> >> script, can I get it to refer to a different php.ini? Is the php.ini file
> >> read when a script is executed, or does it get read only when you start
> >> apache?
> >
> >If you are running Apache, you can use the .htaccess file to pass settings
> >to individual directories; for an example see:
> >
> > http://iki.fi/heko/utils/conf/dot-files/dot-htaccess
> >
> >The php.ini file is only read once per server startup.
> >
> >
> >
> >






Re: [PHP-DEV] PHP in a Hyper-secure environment

2001-08-10 Thread Howie Oakes

Hello-

I realize I can have per-directory settings, however the issue is that I
want a web developer to be able to use a simplified version of PHP on a
page, yet still be able to call encoded functions that have access to the
full version of PHP, without allowing them direct access to that code.

I had a crazy thought...Could I set up PHP to parse the page twice? One
time looking for my complex functions prefixed with a special name...using a
full version of PHP, and then parse it a second time running all the
"regular" PHP code?

-Howie


>
>> Does anyone have any ideas? I basically want to run 2 versions of PHP at
>> the same time, and access them from the same page. If you zend encode a
>> script, can I get it to refer to a different php.ini? Is the php.ini file
>> read when a script is executed, or does it get read only when you start
>> apache?
>
>If you are running Apache, you can use the .htaccess file to pass settings
>to individual directories; for an example see:
>
>   http://iki.fi/heko/utils/conf/dot-files/dot-htaccess
>
>The php.ini file is only read once per server startup.
>
>
>
>






[PHP-DEV] PHP in a Hyper-secure environment

2001-08-10 Thread Howie Oakes

Hello-

I work in the website division of a large company that runs online
financial software. I have been promoting PHP since I arrived, and they are
finally looking at it seriously. We operate in a hyper-secure environment,
where Federal audits are a common occurrence.

We currently host over 1200 websites. I know this is hard to believe, but
the website component (not the actual financial product) is done in flat
html! Needless to say, we are very limited in what we can offer our clients
as far as the website. We have been limited because of our security
department, and they are beginning to realize (finally) that the situation
can't continue this way.

In comes PHP...

Here is my issue...The only way that they will allow PHP to run in our
website environment is if we disable a majority of the functions using the
disable_function parameter in the .ini. Our general web authors can deal
with this limitation because most of what they would be using PHP for is
simple includes and conditional statements. However, there are a number of
complex scripts (hopefully zend encoded, and source controlled) that would
use much more functionality than we offer to the general web authors. I am
trying to develop a system that would allow us to have a pared-down
version of PHP running on the sites, yet still allow the web authors to
call our complex scripts...

Does anyone have any ideas? I basically want to run 2 versions of PHP at
the same time, and access them from the same page. If you zend encode a
script, can I get it to refer to a different php.ini? Is the php.ini file
read when a script is executed, or does it get read only when you start
apache?


Thanks for any thoughts!
Howie



