3

Say I have a web site where people can upload their code in class form. How could I limit what can actually be done within that class?

Andrew Thompson
James P.
  • I'm afraid the answer is, write your own parser :-( – TFennis Mar 08 '13 at 10:09
  • BTW - What does this have to do with PHP? Am I right in presuming you intend to run the classes on the server? – Andrew Thompson Mar 08 '13 at 10:11
  • @AndrewThompson I am also interested in PHP. The question came to mind after seeing this site: http://ideone.com/ – James P. Mar 08 '13 at 10:12
  • You may want to take a peek at the source of [Robocode](http://robocode.sourceforge.net/), which makes it possible for people to create Java programs that fight each other in a sandbox. Their security model sounds similar to what you are looking for. – Henrik Aasted Sørensen Mar 08 '13 at 10:12

1 Answer

3

Implement a `SecurityManager` [1] for the client code. I would also recommend testing how long the code runs, and ending it if over a limit (this is more aimed at catching programmer incompetence that leads to an infinite loop, rather than deliberately malicious actions).

  1. E.G. as seen in this answer which aims to achieve Preventing System.exit() from API.
Community
Andrew Thompson
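
The approach in the answer above, as an added example that is not part of the original post or of any project's code: a `SecurityManager` that blocks `System.exit()` (the case in the answer's footnote) combined with a run-time limit. The names `SandboxDemo`, `NoExitManager` and `runLimited` are hypothetical. It assumes Java 8 to 17: `SecurityManager` is deprecated since Java 17 (JEP 411), needs `-Djava.security.manager=allow` on Java 18 and later, and can no longer be installed from JDK 24 (JEP 486).

```java
import java.security.Permission;
import java.util.concurrent.*;

// Added example; SandboxDemo, NoExitManager and runLimited are hypothetical names.
public class SandboxDemo {
    // Permits everything except terminating the JVM or swapping out this manager.
    // A real sandbox would deny by default and grant only what uploads need.
    static class NoExitManager extends SecurityManager {
        @Override public void checkPermission(Permission p) {
            String n = p.getName();
            if (p instanceof RuntimePermission
                    && (n.startsWith("exitVM") || n.equals("setSecurityManager"))) {
                throw new SecurityException("blocked: " + n);
            }
        }
        @Override public void checkPermission(Permission p, Object ctx) { checkPermission(p); }
    }

    // Runs a task on a daemon thread and gives up waiting after limitMs.
    static String runLimited(Callable<String> task, long limitMs) {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "uploaded-code");
            t.setDaemon(true);   // a runaway task must not keep the JVM alive
            return t;
        });
        Future<String> f = pool.submit(task);
        try {
            return f.get(limitMs, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            f.cancel(true);      // only interrupts; a loop that ignores interrupts keeps spinning
            return "timed out after " + limitMs + " ms";
        } catch (ExecutionException e) {
            return "failed: " + e.getCause();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return "interrupted";
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new NoExitManager());
        // Constructed stand-ins for uploaded classes.
        System.out.println(runLimited(() -> { System.exit(1); return "exited"; }, 1000));
        System.out.println(runLimited(() -> { while (true) { } }, 1000));
        System.out.println(runLimited(() -> "ok", 1000));
    }
}
```

The timed-out busy loop keeps consuming CPU until the JVM exits, because a thread cannot be forcibly stopped in-process. Running each upload in a separate JVM process that can be killed gives a time limit that actually ends the code.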