Security precautions and techniques for a User-submitted Code Demo Area

Maybe this isn't really feasible. But basically, I've been developing a snippet-sharing website and I would like it to have a 'live demo area'.

For example, you're browsing some snippets and click the Demo button. A new window pops up which executes the web code.

I understand there are a gazillion security risks involved in doing this - XSS, tags, nasty malware/drive-by downloads, pr0n, etc. etc. etc.

The community would be able to flag submissions that are blatantly naughty, but obviously some would go undetected (and, in many cases, someone would have to fall victim to discover whatever nasty thing was submitted).

So I need to know: what should I do - security-wise - to make sure that users can submit code, but that nothing malicious can be run - or executed offsite, etc.?

For your information my site is powered by PHP using CodeIgniter.

Jack

As Frank pointed out, if you want to maintain a high level of security, use a whitelist technique. This of course comes with a price (might be too restrictive, hard to implement).

The alternative route is to develop a blacklist technique, i.e. only allow code that hasn't triggered any bells. This is easier, because you have to specify fewer things, but it will not catch new exploits.

There is plenty of information available on the web on both techniques.

Relying on CodeIgniter's security functions (XSS filtering etc.) will not get you very far, as most of the snippets will not be allowed through.

Whatever you do, you have to remember this:

Do not think malicious code will aim to just harm your website's visitors. It may as well aim to compromise your server via your parser/code inspector. For example, let's say Alice uploads snippet foo. Alice intentionally crafts the snippet so that your parser will flag it as malicious due to an XSS exploit. Let's say your parser also updates a database with the malicious snippet for further investigation. Alice knows this. Along with the XSS exploit, Alice has injected some SQL code in the snippet, so that when you INSERT the snippet into the database it will do all sorts of bad stuff.

If you are really paranoid, you could have an isolated server whose sole responsibility would be to inspect code snippets. So in the WCS only that low-risk server would be compromised, and you would have (hopefully) enough time to fix/audit the situation.

Hope this helps.

You cannot whitelist or blacklist PHP; it just doesn't work. If you write up a list of commands that I can use, or stop me from using malicious functions, what is to stop me from writing:

$a = 'mai';

{$a .'l'}('somebody@important.com', 'You suck', 'A dodgy message sent from your server');

You cannot whitelist or blacklist PHP.

For your information my site is powered by PHP using CodeIgniter

Sorry Jack, if you think that is in the least bit relevant you're a very long way from understanding any valid answer to the question - let alone being able to distinguish the invalid ones.

Any sandbox you create which will prevent someone from attacking your machine or your customers will be so restrictive that your clients will not be able to do much more than 'print'.

You'd need to run a CLI version of suhosin on a custom chroot jail - and maintaining separate environments for every script would be totally impractical.

C.

Assuming you are only allowing JavaScript code, then you should do the following:

  1. Purchase a throw-away domain name that is not identifiable with your domain
  2. Serve the user-entered code in an iframe that is hosted from the throw-away domain

This is essentially what iGoogle does. It prevents XSS because you are using a different domain. The only loophole I am aware of is that evil code can change the location of the webpage.

If you intend to share snippets of server-side code, then it is a different ballgame. For Java/JSP snippets, you could use the JVM's internal Security classes to run the code in a sandbox. You should find a lot of information on this if you Google it. I would like to think this is what Google uses in App Engine (I am not sure though).

Anything other than Java, I am not sure how to protect. Dot Net perhaps has a similar concept, but I doubt you could sandbox PHP code snippets in a similar manner.
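The throw-away-domain iframe setup from the answer above, as an added example that is not part of the original thread: it checks that the demo origin really is a separate, non-subdomain origin (a subdomain would still receive cookies scoped to the parent domain) and builds the embedding iframe. It goes one step beyond the answer by adding the HTML sandbox attribute, which closes the loophole the answer mentions: without allow-top-navigation the framed code cannot change the location of the parent page. The domain names and the /run/ path are constructed placeholders.

```javascript
// Added example (not the original poster's code). Hostnames are placeholders.
const SITE_ORIGIN = "https://snippets.example";        // assumption: the main site
const DEMO_ORIGIN = "https://demo-throwaway.example";  // assumption: throw-away domain

// True only if the demo origin differs from the site origin AND is not a subdomain
// of it. A subdomain is a different origin for the same-origin policy, but cookies
// set with Domain=snippets.example are still sent to it, which defeats the purpose
// of buying a throw-away domain in the first place.
function isIsolatedOrigin(siteOrigin, demoOrigin) {
  const site = new URL(siteOrigin);
  const demo = new URL(demoOrigin);
  if (site.origin === demo.origin) return false;
  const siteHost = site.hostname.toLowerCase();
  const demoHost = demo.hostname.toLowerCase();
  return demoHost !== siteHost && !demoHost.endsWith("." + siteHost);
}

// Minimal HTML attribute escaping for values interpolated into the host page.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the <iframe> the main site embeds. The user's code is fetched from the
// throw-away origin, so the same-origin policy keeps it away from the site's DOM
// and cookies. sandbox="allow-scripts" lets the snippet run; allow-top-navigation
// and allow-same-origin are deliberately absent, so the framed code cannot
// navigate the parent page and runs under an opaque origin.
function buildDemoIframe(demoOrigin, snippetId) {
  if (!isIsolatedOrigin(SITE_ORIGIN, demoOrigin)) {
    throw new Error("demo origin must be a separate, non-subdomain origin");
  }
  const src = new URL("/run/" + encodeURIComponent(snippetId), demoOrigin).href;
  return `<iframe src="${escapeAttr(src)}" sandbox="allow-scripts" referrerpolicy="no-referrer"></iframe>`;
}

console.log(buildDemoIframe(DEMO_ORIGIN, "abc123"));
```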
