  1. #1
    SitePoint Enthusiast
    Join Date
    May 2008
    Location
    South Florida
    Posts
    80

    Running user submitted code

    Hi everyone! I would like to learn and discuss best practices for running code that is submitted by users.

    Much like Drupal allows you to insert PHP code into new pages or posts from the web interface, I would like to discuss what the security implications would be of developing a custom app that allows users to write their own code, for example JavaScript, in order for users to create their own widgets, etc.

    Any ideas?

  2. #2
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Server-side run code:

    You'll first have to find an interpreter or compiler that is adequately sandboxed, or you must sandbox it yourself (hard).

    Once you find one, then you will have to think about memory, CPU time, and other resource constraints.

    I've so far looked at some languages I could sandbox with.
    PHP sandboxed via a PHP script -> There's http://us.php.net/runkit, but I haven't tried it recently
    PHP sandboxed via a C program -> Perhaps using the above, although kind of roundabout
    JavaScript sandboxed via a C program -> Possible, with SpiderMonkey, V8, etc.
    JavaScript sandboxed via a Java program -> Possible with Rhino
    JavaScript sandboxed via a Python script -> I don't trust the module, nor does its creator
    Python sandboxed via anything -> Practically impossible, at least with CPython
    Java sandboxed via a Java program -> Possible
    Java sandboxed via anything that can embed Java -> Possible

    Client-side run code:

    You must separate widget code onto different domains (so they can't take your cookies, and have cross-domain policies applied), and load widgets via IFrames.

    There is also Caja: http://code.google.com/p/google-caja/

  3. #3
    SitePoint Enthusiast
    Join Date
    May 2008
    Location
    South Florida
    Posts
    80
    Great points, I think running client-side code from iframes and/or from different domains would be the solution. If the code runs from the iframe, would it still need to be in a different domain? And let's say that any user can sign up and write their own code to the page, would each user need to be in a different domain to protect themselves from other users? Or is it sufficient to put each piece of code in its own iframe?

  4. #4
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    It would have to be in a different domain, because frames can talk to each other (JS: window.parent.frames[3]). If the parent page is in the same domain as the frame, then the frame can also access the parent page.

    I would put different widgets / different users' widgets in different subdomains of this 2nd domain. With proper configuration of your DNS server and your web server, it should work out pretty well.

    Note: Frames of different domains can still find out how many other frames there are and such. It's not a big deal, but just be aware.
    Also, be aware that if you put different widgets in different subdomains, global (.example.com) cookies can still be set.
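
Added example, not part of the original thread: a Node.js audit of a widget-hosting layout against the points raised in post #4 (frames on the parent's origin, owners sharing an origin, cookies scoped to a shared parent domain). The hostnames, layout fields and function names are constructed for illustration, and the cookie domains are supplied by hand as an assumption.

```javascript
// Added example; hostnames are constructed placeholders. Cookie domains are
// passed in by hand because deriving them needs the public suffix list.

// True when a cookie scoped to Domain=cookieDomain covers `host`.
function coveredBy(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

function auditLayout(layout) {
  const findings = [];
  const parent = new URL(layout.parent);
  const ownerByOrigin = new Map();
  const scoped = new Set();
  for (const { owner, src } of layout.widgets) {
    const u = new URL(src);
    if (u.origin === parent.origin) {
      // Same origin as the host page: the frame can script window.parent.
      findings.push({ rule: "same-origin-as-parent", owner });
    } else if (coveredBy(u.hostname, layout.parentCookieDomain)) {
      // Cross-origin, but still inside the main site's cookie domain.
      findings.push({ rule: "inside-parent-cookie-domain", owner });
    }
    // Two owners on one origin can reach each other via window.parent.frames[n].
    const other = ownerByOrigin.get(u.origin);
    if (other === undefined) ownerByOrigin.set(u.origin, owner);
    else if (other !== owner) findings.push({ rule: "origin-shared", owner, other });
    if (coveredBy(u.hostname, layout.widgetCookieDomain)) scoped.add(owner);
  }
  // Per-owner subdomains separate scripts, but a cookie set with
  // Domain=.<widgetCookieDomain> is still visible to every sibling subdomain.
  if (scoped.size > 1) findings.push({ rule: "shared-cookie-scope", owners: [...scoped] });
  return findings;
}

// Constructed layout: example.com hosts the page, example.net hosts widgets.
const sampleLayout = {
  parent: "https://www.example.com/dashboard",
  parentCookieDomain: "example.com",
  widgetCookieDomain: "widgets.example.net",
  widgets: [
    { owner: "alice", src: "https://alice.widgets.example.net/clock.html" },
    { owner: "bob", src: "https://bob.widgets.example.net/feed.html" },
    { owner: "carol", src: "https://bob.widgets.example.net/poll.html" },
    { owner: "dave", src: "https://widgets.example.com/news.html" },
    { owner: "erin", src: "https://www.example.com/widgets/erin.html" },
  ],
};
console.log(auditLayout(sampleLayout));
```

Only alice and bob are hosted as post #4 recommends; the final finding is the residual cookie-scope caveat that remains even for them.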

  5. #5
    SitePoint Addict reboltutorial
    Join Date
    Jan 2009
    Posts
    309
    Well, what about the risk of XSS exploits for users?

