I have symfony 1.0 running on my Windows XP machine but have recently wanted to try Symfony 1.2. I unpacked the sandbox and set up a virtual host. The page returned is blank. http://sf_sandbox/web/ returns a blank page http://sf_sandbox/web/frontend_dev.php/ returns a blank page PHP, SQLite, Mysql are all fine. I tired adding echo ...
So Lua seems ideal for implementing secure "user scripts" inside my application. However, most examples of embedding lua seem to include loading all the standard libraries, including "io" and "package". So I can exclude those libs from my interpreter, but even the base library includes the functions "dofile" and "loadfile" which access...
How does google app engine's sandbox work? What would I have to do to create my own such sandbox (to safely allow my clients to run their apps on my engine without giving them the ability to format my disk drive)? Is it just class loader magic, byte manipulation or something? ...
Where can I find the application sandbox rules file for 3.0 firmware? I remember seeing it somewhere around in 2.x, but now can't find it. ...
I'm writing an application where users can enter a python script and execute it in a sandbox. I need a way to prevent the exec'ed code from importing certain modules, so malicious code won't be as much of a problem. Is there a way to do this in Python? ...
I am looking at allowing users to enter JavaScript to specify some logic in my app. The JavaScript would be entered and displayed in a browser, but it would be saved and validated server-side first. This opens up obvious security implications. Ideally, I would want to only allow a subset of the JavaScript language. Intuitively, an op...
Is it possible to package a XML file with a Flex app inside the .swf? With a Silverlight application, you can do this quite easily but you have to do a http request in flash to grab it if you're using flash?? I've been wondering this ever since I did a pretty serious silverlight application and utilized local txt and xml files for se...
We're writing an open source tool that is designed to work against multiple database products (really, it's designed to work with any database that has a JDBC driver available). However, because it does DDL (not DML), we need to test against different products. While MySQL, PostgreSQL and other open source db's are easy for us to test o...
Hi, I am trying IPN callback, using servlet. The code I am using is provided by paypal for verifying the ipn data. But every time i getting a INVALID response. Here is the code: Enumeration en = req.getParameterNames(); String str = "cmd=_notify-validate"; while (en.hasMoreElements()) { String paramName = (Stri...
Hello `package { import flash.events.*; import flash.net.XMLSocket; import flash.system.Security; public class DotNetSocketExample { private var hostName:String = "170.21.8.0"; private var port:uint =4000; private var socket:XMLSocket; public function DotNetSocketExample() { socket = new XMLSocket(); ...
Is there a Silverlight equivalent to signed applets in Java? I'm basically trying to host what would traditionally be a desktop application in a browser*, and I'd rather do it all in a single package (the Silverlight end) rather than delegate privileged actions to an outside (locally running) process. This would require some way of bre...
I am integrating our back end systems with Salesforce using the web services. I have production and stage environments running on different URLs. I need to be able to have the endpoint of the web service call be different depending on whether the code is running in the production or sandbox Salesforce instance. How do I detect the env...
Hi all, I am developing an iPhone app for uni and we create an sqlite database file within the iPhone's sandbox directory. Our application writes internally to this file, I am wondering how it would be possible to get this file back to my desktop. I don't really mind how it can be done, any way is fine. Maybe it is possible to even do ...
Scenario: a program running in a byte code virtual machine like Java or Python, wants to evaluate (by compiling on the fly to byte code and then running) a function whose code was automatically generated or supplied from outside. The tricky bit is that the function's code is not trusted -- it may have been generated by a stochastic meth...
There are several resources out there that explain how the sandbox in Chrome works and what it does to protect users from malicious code. Chromium Blog Chromium Developer Documentation Sandbox FAQ That's great, and I like the OS-centric design that they have in place (somewhat of a "The OS probably knows how to secure itself better t...
I have a web app that is being served through Tomcat. My app lets users submit their own workflow which will then be executed on the server. My problem is how to control how much memory each user is taking up on the server. I think Tomcat itself runs apps in a sandbox of its own. I say this because when my app runs out of memory and cras...
Hi, I have a Flex client using a Flash binary (TCP) socket for communication with a Java server. I have a localhost (Apache) server providing a crossdomain.xml file which is wide open just while I am testing. My code successfully loads the policy file on startup. I then connect the socket to the server without any difficulty and se...
Hi guys ! I implemented a gSoap c++ webservice-server to be accessed by Flash (as3) Everything runs smooth as long as i test the .swf locally, the .wsdl is loaded fine, and the communication works, even with the server running on an external ip already. But the moment i put that .swf online - its coming up with sandbox security violat...
I get a Flex 3 sandbox error #2048 after connecting to a Socket on a Java (1.5) server. The server code is all mine, i.e. not running under Apache. Flash Player 10.0 r32. The sequence is as follows... 1 Java server starts, listens on port 843 for policy file request and on port 45455 for my other requests. 2 Flex client served by Ap...
I want to make my application to run other people's code, aka plugins. However, what options do I have to make this secure so they don't write malicous code. How do I control what they can or can not do? I have stumbled around that JVM has a "built in sandbox" feature - what is it and is this the only way? Are there third-party Java lib...