Isolation in PHP?


Question

Here's something I've thought about for a while.
I am creating an application where my users will upload their own custom themes, which means that there's going to be a good opportunity for anyone with basic PHP/XSS/whatever skills to cause a lot of headache.

I would like to run any uploaded files in a sort-of sandboxed, closed environment that only has access to the stuff (variables) that I want and nothing else.

Would this be good practice and how would it be done?

Solution

To allow arbitrary HTML/JavaScript safely then each user must have its own subdomain. If each user has their own subdomain then a user's JavaScript will be restricted to their own sandbox because of the Same Origin Policy. If you only want to allow "safe html" then HTML Purifier is an option, and then you can use 1 domain.

Allowing custom PHP is a bit more hazardous. "Shared hosting" providers rely upon suPHP which forces the php script to run as a specific user. This would require every user to have their own account on your system. This method of defense has been around for a while. It isn't perfect but it does the trick.

Another possible solution for custom themes is to use a templating engine, which can prevent templates from getting full access to PHP. Some popular frameworks for this:

  1. Smarty, it doesn't have the best security track record, but if you keep it up to date you probably won't have a problem. It needs to be configured to disallow native PHP.
  2. Twig is a relatively new engine from the makers of Symfony Framework. This means it has a decent developer base and since it ships with Symfony, it's also been tested in the wild. Twig does not allow any PHP functions to be called, unless you specifically create a Twig function/filter for them.
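
The templating-engine approach from the answer, as an added example that is not part of the original post: user themes are rendered through Twig with only an allowlisted set of tags, filters and functions, and only the variables the application passes in. It goes beyond the answer by also enabling Twig's sandbox extension; it assumes Twig 3.x installed via Composer, and the theme names, the `post_url` function, `renderTheme` and the sample data are hypothetical.

```php
<?php
// Added example; assumes `composer require twig/twig` (3.x).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Error\Error;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityPolicy;
use Twig\TwigFunction;

// Constructed sample themes standing in for user uploads.
$themes = [
    'good.twig' => '<h1>{{ site_title|upper }}</h1>'
        . '{% for p in posts %}<a href="{{ post_url(p.slug) }}">{{ p.title }}</a>{% endfor %}',
    'bad.twig'  => '{{ constant("PHP_VERSION") }}', // built-in function, not allowlisted
];

// ArrayLoader: templates can only reference names in this array, never the filesystem.
$twig = new Environment(new ArrayLoader($themes), [
    'autoescape'       => 'html', // theme output of app data is HTML-escaped
    'strict_variables' => true,   // undefined variables raise an error
]);

// The only application code a theme may reach (hypothetical helper).
$twig->addFunction(new TwigFunction('post_url',
    fn (string $slug): string => '/posts/' . rawurlencode($slug)));

$policy = new SecurityPolicy(
    ['for', 'if'],        // allowed tags
    ['escape', 'upper'],  // allowed filters
    [],                   // allowed object methods: none
    [],                   // allowed object properties: none
    ['post_url']          // allowed functions
);
$twig->addExtension(new SandboxExtension($policy, true)); // true = sandbox every template

function renderTheme(Environment $twig, string $name, array $vars): string
{
    try {
        return $twig->render($name, $vars);
    } catch (Error $e) { // sandbox violations, syntax errors, missing variables
        return 'theme rejected: ' . $e->getRawMessage();
    }
}

// Pass plain arrays and scalars only, so themes see data and never live objects.
$vars = ['site_title' => 'Demo <b>', 'posts' => [['slug' => 'a b', 'title' => 'First']]];
foreach (array_keys($themes) as $name) {
    echo $name, ': ', renderTheme($twig, $name, $vars), PHP_EOL;
}
```

This restricts what a theme can do on the server; JavaScript inside a theme's own markup still runs in the browser, which is what the per-user subdomain or HTML Purifier advice in the answer addresses.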
