Net123 Posted May 11, 2015 Share Posted May 11, 2015 hi guys I must need your suggestions....THIS IS MY PROJECT ... I wanna allow my users to run their php codes in my sub folders...and I am indexing their admin panel via Sql and php...I wanna place my ads on their every php page which created by my users...I wanna allow my users to use their sql space...HERE IS MY POINT WHAT I AM TRYING TO SAY...allowing users to run their php codes may be a very big drawback for my parent server and my other users...because an user can be a bad injector ..they can post like (exec() .............). and an user can attack parent sql server...I guessed an idea like re-scan and formatting their codes ...but it's absolutely impossible ..because php has hundreds and thousands of functions I cannot format their codes...I can create a account for them like shared hosting...if I done that I cannot track them ...I need your suggestions...ideas ... I am in a very big confusion...every problem has solution almost... I need your help guys... atleat give me a small tip as u known Link to comment Share on other sites More sharing options...
Ingolme Posted May 11, 2015 Share Posted May 11, 2015 There's no secure way to execute code provided by users. Show me your solution and I'll show you the way around it. Security issues aside, executing a user's code is as simple as passing a user-provided string to the eval() function. Edit: If you have access to the server, you can set up an account for each user and give them permissions only in a particular directory. In the SQL server you would have to set up an account for each user and only give access to certain databases. I'm not a system administrator, just a developer, so I don't know all the details about it. Link to comment Share on other sites More sharing options...
justsomeguy Posted May 11, 2015 Share Posted May 11, 2015 Other hosting companies use individual user accounts with permissions set so that each user can only read files in their own directory and not the directories of other users. Each user would also have their own SQL databases and logins so that they could only use their own databases. Link to comment Share on other sites More sharing options...
justsomeguy Posted May 11, 2015 Share Posted May 11, 2015 You had duplicate topics, I've merged them. 1 Link to comment Share on other sites More sharing options...
Net123 Posted May 12, 2015 Author Share Posted May 12, 2015 There's no secure way to execute code provided by users. Show me your solution and I'll show you the way around it. Security issues aside, executing a user's code is as simple as passing a user-provided string to the eval() function. Edit: If you have access to the server, you can set up an account for each user and give them permissions only in a particular directory. In the SQL server you would have to set up an account for each user and only give access to certain databases. I'm not a system administrator, just a developer, so I don't know all the details about it. yes i known an way... but i really cannot say that's absolutely possible.. getting php code from users via form and save it as a .php file can be a way ... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now