 Posted by shror on 12/27/07 06:29 
On Dec 27, 2:06 am, shimmyshack <matt.fa...@gmail.com> wrote: 
> On Dec 26, 5:43 pm, NC <n...@iname.com> wrote: 
> 
> 
> 
> > On Dec 24, 11:55 pm, shror <shahi...@gmail.com> wrote: 
> 
> > > On Dec 24, 7:48 pm, NC <n...@iname.com> wrote: 
> 
> > > > You want to execute arbitrary PHP code on your server, so there 
> > > > is no way of "avoiding danger or hacking"...  The only half-safe 
> > > > solution I can think of is that the PHP server on which the user- 
> > > > supplied code runs is virtual (so whatever damage the hackers do will 
> > > > disappear when the server is restarted) and separate from the server 
> > > > on which the application is hosted. 
> 
> > > So now, for doing this system, what about having a free hosting account
> > > that supports PHP? Do you think they would allow me to host these
> > > dangerous pages on their servers, or will they close my account after
> > > being attacked by any small danger?
> 
> > On a properly configured server, other customers will not be in 
> > danger.  Only you will have the risk of having your site defaced by 
> > your students.  So the hosting company probably wouldn't mind, unless 
> > your students start using your site to send out substantial amounts of 
> > spam. 
> 
> > > Also, what is w3schools doing in order to avoid the danger they
> > > face? Does anybody know?
> 
> > w3schools is not allowing arbitrary server-side code to run; they have
> > pages that allow you to test some JavaScript, whose code is executed 
> > client-side (i.e., in browser). 
> 
> > Cheers, 
> > NC 
> 
> yeah set it all up to run from some frames which use php pages on a
> free site, great, but parse the output of these scripts so that you
> don't get javascript being pushed back into your site (if you use
> logins this allows one user to get at another's data)
> so you could have an array of allowed functions, together with strict
> typing of inputs that are passed to those functions, and allow the
> user to write some basic php, which is then line by line pregmatched
> and then you're pretty safe, then paste the url here so we can have a
> play, sounds like fun. I am surprised nothing's out there already
> though.
 
Thanks for all your support. I will try to do some of the tests in
order to check the safety and validity of my system, and also to get your
support in getting better content to give to those students.
 
Thanks so much. 
 
shror
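
The allowlist idea from shimmyshack's quoted reply, as an added example that is not part of the thread: it checks a submission with PHP's tokenizer instead of line-by-line preg_match, as a pre-filter in front of the separate server NC describes. The function name `check_submission` and the contents of every allowlist are assumptions chosen for illustration.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.4+ with the tokenizer extension.
// Both allowlists are illustrative; callback-taking functions are left out on purpose.
const ALLOWED_FUNCTIONS = ['strlen', 'strtoupper', 'strrev', 'str_repeat', 'abs', 'round'];
const ALLOWED_LITERALS = ['true', 'false', 'null'];
const ALLOWED_TOKENS = [
    T_OPEN_TAG, T_VARIABLE, T_STRING, T_LNUMBER, T_DNUMBER, T_CONSTANT_ENCAPSED_STRING,
    T_ECHO, T_IF, T_ELSE, T_ELSEIF, T_WHILE, T_FOR, T_INC, T_DEC, T_IS_EQUAL,
    T_IS_NOT_EQUAL, T_IS_IDENTICAL, T_IS_NOT_IDENTICAL, T_BOOLEAN_AND, T_BOOLEAN_OR,
];
const ALLOWED_CHARS = [';', '(', ')', '{', '}', '=', '+', '-', '*', '/', '.', ',', '<', '>', '!'];

// Returns a list of violations; an empty list means the snippet passed the allowlist.
function check_submission(string $code): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all("<?php\n" . $code),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $errors = [];
    foreach ($tokens as $i => $tok) {
        $callNext = ($tokens[$i + 1] ?? null) === '(';
        if (!is_array($tok)) {            // single-character token
            if (!in_array($tok, ALLOWED_CHARS, true)) {
                $errors[] = "character $tok is not allowed";
            } elseif ($callNext && $tok === ')') {
                $errors[] = 'call on an expression result is not allowed';
            }
            continue;
        }
        [$id, $text, $line] = $tok;
        $where = 'line ' . ($line - 1);   // undo the prepended open tag line
        if (!in_array($id, ALLOWED_TOKENS, true)) {
            $errors[] = "$where: " . token_name($id) . ' is not allowed';
        } elseif ($id === T_STRING) {     // identifier: allowlisted call or literal only
            $list = $callNext ? ALLOWED_FUNCTIONS : ALLOWED_LITERALS;
            if (!in_array(strtolower($text), $list, true)) {
                $errors[] = "$where: identifier $text is not allowed";
            }
        } elseif ($callNext && in_array($id, [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING], true)) {
            $errors[] = "$where: dynamic call through $text is not allowed";
        }
    }
    return $errors;
}
// Constructed sample submissions: the first is benign, the other three must be rejected.
foreach (['echo strtoupper("hi") . str_repeat("!", 3);', 'echo system("id");', '$f = "system"; $f("id");', 'echo `id`;'] as $s) {
    echo $s, ' => ', implode('; ', check_submission($s)) ?: 'accepted', "\n";
}
```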