Are there any sandboxable scripting engines which can be integrated with PHP/Python/other?

I'm performing a thought-experiment which, judging by other questions, isn't so novel after all, but I think I'll proceed anyway. I want to sandbox a user-supplied server-side script by, among other things, confining it to a virtual filesystem and setting the root directory, and further mapping certain virtual directories to specific physical ones, inconsistent with the actual directory structure. For example (using PHP string parsing), my preconception is "~$user/..." but the less-semantic "/$user/..." would work fine too; either might map to "users/$user/$script_name/data/...". Yes, under certain circumstances multiple users can be affected by the script.

Since this is a thought-experiment and I therefore don't consider the implementation language an issue, I'm expecting to do it on my localhost and would rather use PHP than install something else. (I also have Python 2 available, and could get mod_wsgi to use it instead. I'd install Python 3 if I had to.) Ideally, I wish a PEAR module would do this - but from what I can see none does.

I tried and failed to find a server module, such as SSJS, that could accomplish this. The closest things to answers that I found were << Looking for a locked down script interpreter (https://stackoverflow.com/questions/5095988/looking-for-a-locked-down-script-interpreter) >> and << Allowing users to script inline, what inline scripting engines are there for either .net or java? (https://stackoverflow.com/questions/1970195/allowing-users-to-script-inline-what-inline-scripting-engines-are-there-for-eith) >>. I'll move to Java or, less likely, Mono if I absolutely have to, but I'm not enthusiastic about the idea. (I'm extremely rusty on Java, and have hardly used it server-side at all. Mono is totally alien to me.)

Since they're the most promising options so far, I also wonder how extensive the sandboxing facilities are in Java and Mono. For example, can they do virtual filesystems? Entering APIs from Java user-code into the engine? Are any standard APIs offered to the script, and if so can they be removed?

Clarification: I don't really care which way this goes, but I was actually expecting Java/Mono to be the implementation platform rather than the sandboxed one, based on the questions & answers I linked. I'm a little surprised to see that flipped in the answers, but either way works.
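
The virtual-to-physical mapping the question describes ("~$user/..." or "/$user/..." to "users/$user/$script_name/data/..."), sketched in Python 3 as an added example that is not part of the original post. The names `resolve` and `SandboxPathError`, the name policy in `NAME`, and the `users` base directory are assumptions made for illustration.

```python
import os
import re

BASE = os.path.realpath("users")              # assumed physical root for user data
NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")     # assumed policy for user/script names


class SandboxPathError(ValueError):
    """Raised when a virtual path cannot be mapped inside the sandbox."""


def resolve(virtual, script_name, base=BASE):
    """Map '~user/rest' or '/user/rest' to base/user/script_name/data/rest."""
    if "\x00" in virtual:
        raise SandboxPathError("NUL byte in path")
    m = re.match(r"^[~/]([^/]+)(?:/(.*))?$", virtual, re.S)
    if not m:
        raise SandboxPathError("path must start with ~user or /user")
    user, rest = m.group(1), m.group(2) or ""
    # fullmatch rejects '.', '..', embedded newlines and anything outside the policy
    if not NAME.fullmatch(user) or not NAME.fullmatch(script_name):
        raise SandboxPathError("invalid user or script name")
    root = os.path.realpath(os.path.join(base, user, script_name, "data"))
    # realpath collapses '..' and follows symlinks that already exist, so the
    # containment check sees the path the OS would actually open. An absolute
    # 'rest' makes join() discard root; the check below rejects that as well.
    target = os.path.realpath(os.path.join(root, rest))
    if os.path.commonpath([root, target]) != root:
        raise SandboxPathError("path escapes the script's data directory")
    return target


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the original post.
    for v in ("~alice/notes/a.txt", "/alice/a.txt", "~alice/../../bob/report/data/x"):
        try:
            print(v, "->", resolve(v, "report"))
        except SandboxPathError as exc:
            print(v, "-> rejected:", exc)
```

The check holds only at the moment of resolution, so every file operation the embedded engine exposes has to go through it, and the script must not be able to create symlinks inside its data directory afterwards.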
 
