The essence is this: you need to allow users to execute a script on the server, such that it is impossible to harm (fill the shell, climb into the database, etc.). The script will be used to process text in messages.

Is there some kind of sandbox on PCP, on the server side?

  • hmm a script in what language? maybe it would be easier to implement your own simple language than to shut up all the potential threats for such a pearl script. well, or chroot + execution from under a special user without home and with cropped rights. - VladD
  • No matter what language, preferably similar to php, or javascript - kanaris
  • @VladD support! Write something like smarty and write a handler. - Palmervan
  • Well, js is a good idea. If the global object is the processed text (that is, the execution is needed on the custom engine, not from under the browser), the script simply will not have access to the file system and where it is generally not allowed. (I can’t give you a concrete implementation.) - VladD
  • @Palmervan: what is smarty? Forgive my ignorance. - VladD

0