Reputation: 964
PHP Sandbox environment
I'm not sure if the question title is apt.
Is there any possible way to deploy a sandbox php environment that will execute scripts and output results that runs separately from the actual php instance that processes your site.
This is in order to allow external users to upload and execute their custom php scripts without posing a security risk to the main website.
Upvotes: 2
Views: 999
Answers (2)
Reputation: 376
Yes, you can have them run in a sandbox or a chroot environment. No, there is no way to do this that is safe and secure.
You need to look at more than just the server. Also think about cookies. Any of these scripts will also be able to read and set cookies of your domain. If a user is logged into "/admin" on your domain (as an example) then one of these custom scripts will be sent the session identifier for that login and the custom script could send it to an attacker to do malicious things to your site.
Run the uploaded scripts run on a different server and use a different domain.
Upvotes: 3
Reputation: 1165
You can install multiple PHP instances and run Apache in a jail.
- http://mossiso.com/2009/09/02/multiple-php-instances-with-one-apache.html
- http://www.linux-faqs.info/apache/running-apache-in-chroot-jail
Upvotes: 3
Related Questions
- Developer sandbox
- Is there a way to execute php code in a sandbox from within php
- How do I dynamically create PHP Sandboxes
- Security issues with PHP Sandbox
- Sandboxing PHP Phar files
- Creating a Drupal Sandbox
- Sandboxing Users' PHP Code
- Run Java programs from PHP in a sandbox
- How to sandbox a request to another PHP script?
- Anyway to create a php sandbox for a user to develop in?