Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
VArtem2014-06-06 15:50:22
PHP
VArtem, 2014-06-06 15:50:22

Safely loading third-party PHP files into a project

Hello!
There is a site written in PHP that needs to communicate with third party projects through their API. Our project for communicating with strangers has a system of gateways:

class BaseGateway {
public function ProjectInit($data);
public function CheckLogin($data);
...
}

Accordingly, each real gateway inherits the BaseGateway class and implements the communication functionality with each specific partner service.
Because Since there are quite a large number of third-party projects, we would like to provide an opportunity for programmers of our partners to write such gateways. All the information they need for processing is passed to this class during initialization and to each function (an associative $data array).
Question:
Do you need ideas on how you can offer partners to create their own gateways and upload their php files without making a huge security hole for themselves?
What is clearly not needed by the writer of gateways: working with the file system outside the directory allocated by him, the system, exec functions, the functions of changing access rights, and much more.
In fact, all that is needed is standard functions, curl, etc.
Trust in partner programmers:
We conclude an agreement with each partner, but these are third-party people, therefore, of course, there is a certain trust, but it is impossible to leave your system in front of them absolutely naked.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
P
Pavel K, 2014-06-06
@PavelK

It's hard to say anything without seeing the whole picture.
In my opinion, in this case it is better to look towards SOAP (WSDL), Restfull, etc.
Or you can, for example, prohibit all dangerous operations at the server level and run each script only on your own username with the corresponding rights set.
Or even just a separate environment.
Or do pre-moderation of all plug-in classes.
Or prohibit all operations and write wrappers over them, in which to check the correctness of the data.

Report
K
KOLANICH, 2014-06-06
@KOLANICH

um...
use AF_UNIX sockets for communication and separate PHP instances tucked into containers?
I also came across php.net/manual/ru/runkit.sandbox.php - this is a sandbox built into php

Report
V
VArtem, 2014-06-06
@VArtem

Those. to take out gateways separately, and to communicate with them from the project itself through sockets?
> do pre-moderation of all plug-in classes
or abandon this idea in general, this is the option that is now considered as the main one, but still it is interesting if there are ideas on how to implement this by technical means.
You can even go further and abstract from PHP. For example, rewrite all gateways in Java and make some kind of Java daemon that, at the command of the site, will call one or another gateway

Similar questions
R
ReDeNDeR2021-04-06 13:10:49
How to order raspberry pi in Baku? 4Reply
Y
Yaroslav2019-10-03 12:49:21
Where and how to find free labor for the for fun project and where to discuss ideas? 7Reply
P
podde2019-10-07 17:31:28
How to create an automatic signature in Service desk? 3Reply
E
Evgeny Yakushov2019-10-09 19:41:27
How to download a dynamically generated file and make the location of this page? 3Reply
A
AnatoliyKarpov2021-04-16 14:24:16
How to make ul have different classes? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question