I own http://phpsnips.com, and we are in the process of rebuilding it. We want to add a new feature that will allow members to see a demonstration of some of the snippets we have, so they can see the result of the PHP in action before they use it and then find out it didn't do what they were expecting.

 

Do you have any suggestions for us on what we should do to keep it secure?

 

Some of the big things I was thinking of were:

A. No database examples

B. No examples with eval

C. Don't allow examples of all code

Link to comment
https://forums.phpfreaks.com/topic/261563-php-examples/

You don't necessarily have to remove database examples - just don't actually communicate with a database. You can use sessions to replicate the behavior, but only for the specific user using it. This way no user can affect the outcome for another user, and there is no spam and junk.

 

Another option is to just truncate the tables every so often with a cron job.

 

For file uploads you can just not actually do anything with the file, just leave it in the tmp folder or manually remove it. If it's something that requires the full upload process you can just run a cron job to delete files every so often. Obviously you'd want to disable any script execution for that directory, as well as only allow file types specific to that demo.

 

From glancing at your site, a lot of the snippets should be pretty easy to have demos for. For a lot of it you can just use equivalent JavaScript.

Link to comment
https://forums.phpfreaks.com/topic/261563-php-examples/#findComment-1340554
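
The session-backed stand-in for a database suggested in the reply above could look like the following. This is an added example, not code posted by anyone in the thread; the `DemoTable` class, its row and length limits, and the `guestbook` table are hypothetical, and it assumes PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);
// Per-visitor stand-in for a database table, stored in $_SESSION (hypothetical helper).
final class DemoTable
{
    private const MAX_ROWS = 20;        // cap session growth per visitor
    private const MAX_FIELD_LEN = 200;  // cap each stored value

    public function __construct(private string $name, private array $columns)
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        $_SESSION['demo'][$this->name] ??= [];
    }

    // Mimics INSERT: keeps only known columns, as length-limited strings.
    public function insert(array $row): bool
    {
        $rows = &$_SESSION['demo'][$this->name];
        if (count($rows) >= self::MAX_ROWS) {
            return false; // table is full for this visitor
        }
        $clean = [];
        foreach ($this->columns as $col) {
            $value = $row[$col] ?? '';
            $clean[$col] = is_scalar($value) ? mb_substr((string) $value, 0, self::MAX_FIELD_LEN) : '';
        }
        $rows[] = $clean;
        return true;
    }

    // Mimics SELECT *: returns this visitor's rows only.
    public function all(): array
    {
        return $_SESSION['demo'][$this->name];
    }
}

// Demo page: nothing reaches a real database, and output is escaped.
$guestbook = new DemoTable('guestbook', ['author', 'message']);
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $guestbook->insert($_POST);
}
foreach ($guestbook->all() as $entry) {
    printf("<p><b>%s</b>: %s</p>\n",
        htmlspecialchars($entry['author'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($entry['message'], ENT_QUOTES, 'UTF-8'));
}
```

Because the rows live in the visitor's own session, they disappear when the session expires and are never shown to another user.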