[resolved] Disable MySQL In A Script?

beaver6813 · 01-03-2007, 09:06 AM

[RESOLVED]

Hey,
Okay, i need a way in PHP to disable MySQL access for the rest of the script. Users will be allowed to upload their scripts and i would like to execute them for reasons i'm not going to reveal yet

But i need to obviously secure it best i can so is there any way to disable MySQL access, so as to kinda run in sandbox mode?

lee101 · 01-03-2007, 09:43 AM

at the top of all the scripts

PHP Code:

  <?php

ini_set('disable_functions','mysql_query,mysql_connect,etc,etc,etc');

?>

To list all mysql functions.

I'm not sure if that would work though, just a thought:
http://uk.php.net/features.safe-mode

Lee

baxter · 01-03-2007, 09:48 AM

if you have apd installed, http://ca.php.net/manual/en/ref.apd.php , you can use the following method of disabling the functions you wish:

for example:

PHP Code:

  override_function('mysql_connect', '', "print 'mysql_connect function has been disabled';");

override_function('mysql_select_db', '', "print 'mysql_select_db function has been disabled';");

http://ca.php.net/manual/en/function...e-function.php

etc etc... but besure to disable the mysqli functions as well if they are applicable.

Also if you don't want to lose functionality of the functions for yourself you can use rename_function to rename the functions to a secure name for your use. for example

PHP Code:

  rename_function('mysql_connect', 'hidden_for_you_mysql_connect' );

http://ca.php.net/manual/en/function...e-function.php

beaver6813 · 01-03-2007, 10:43 AM

Brilliant

Ill give rep in a sec

Okay another incredibly annoying feature i can't get to work is that when i use my error handler in PHP it works fine with registering the first error, but doesn't pickup the others and it doesn't pickup parse errors, PHP overrides my error handler for parse errors.

Any ideas?

Peter · 01-03-2007, 11:14 AM

Not sure why it would only do the first error however.

An error handler cannot deal with parse errors as they are found before the script is executed and is outside the scope of the script. The following is taken from THIS manual page:-

Quote:

The following error types cannot be handled with a user defined function: E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, E_COMPILE_WARNING, and most of E_STRICT raised in the file where set_error_handler() is called.

beaver6813 · 01-03-2007, 11:16 AM

Okies, so there is definately no way around that? So it returns all parse errors instead of just the first one found?

All i'm doing at the moment is picking up errors and setting error_log to write all errors to a text file which i can read at a later date. However even when i put in 3 errors like unclosed brackets and unterminated lines etc it still shows only one of the errors...

Peter · 01-03-2007, 11:18 AM

sorry edited my post must have been just after you replied.

As far as I am aware there is nothing you can do about reporting parse errors. I believe it is the zend engine that actually deals with the following errors:-

E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, E_COMPILE_WARNING, E_STRICT

Hence why a custom error handler cannot deal with them.

Quote:

Originally Posted by beaver6813

All i'm doing at the moment is picking up errors and setting error_log to write all errors to a text file which i can read at a later date. However even when i put in 3 errors like unclosed brackets and unterminated lines etc it still shows only one of the errors...

Unfortunately only the first will display as the script terminates when the first error is found.

beaver6813 · 01-05-2007, 11:17 AM

Thanks

Resolved!

Peter · 01-05-2007, 02:24 PM

how did you sort the problem?

beaver6813 · 01-06-2007, 12:58 AM

Quote:

Originally Posted by filth@flexiwebhost

how did you sort the problem?

Using Ajax and PHP i wrote a script that requests the problem file, returns the error PHP gives if its a Parse/Fatal error and then goes to process. It then returns the line number of the problem script highlighted and if its something easy like an unterminated line it puts in the semi-colon. If its something harder to fix like brackets, it'll just return that error.

I've also taken a peek at a debugger written in C++ that actually taps straight into PHP's Zend engine, but i doubt i'd be able to do that in PHP :P

01-03-2007, 09:06 AM	#1 (permalink)
beaver6813 NamePros Regular Join Date: May 2005 Location: England Posts: 349 65.50 NP$ (Donate)	[RESOLVED] Disable MySQL In A Script? [RESOLVED] Hey, Okay, i need a way in PHP to disable MySQL access for the rest of the script. Users will be allowed to upload their scripts and i would like to execute them for reasons i'm not going to reveal yet But i need to obviously secure it best i can so is there any way to disable MySQL access, so as to kinda run in sandbox mode? __________________ -Beaver6813.com V5 Soon! Last edited by beaver6813; 01-05-2007 at 11:17 AM.

01-03-2007, 09:43 AM	#2 (permalink)
lee101 NamePros Regular Join Date: Mar 2006 Location: United Kingdom Posts: 344 482.75 NP$ (Donate)	at the top of all the scripts PHP Code: `<?php ini_set('disable_functions','mysql_query,mysql_connect,etc,etc,etc'); ?>` To list all mysql functions. I'm not sure if that would work though, just a thought: http://uk.php.net/features.safe-mode Lee __________________ http://bypasstopsite.com - Submit your proxy! http://biggertwitter.com - Make twitter a bit bigger! Currently Developing - Linux Screenshots

01-03-2007, 09:48 AM	#3 (permalink)
baxter NamePros Regular Join Date: Apr 2006 Posts: 289 1,990.00 NP$ (Donate)	if you have apd installed, http://ca.php.net/manual/en/ref.apd.php , you can use the following method of disabling the functions you wish: for example: PHP Code: `override_function('mysql_connect', '', "print 'mysql_connect function has been disabled';"); override_function('mysql_select_db', '', "print 'mysql_select_db function has been disabled';");` http://ca.php.net/manual/en/function...e-function.php etc etc... but besure to disable the mysqli functions as well if they are applicable. Also if you don't want to lose functionality of the functions for yourself you can use rename_function to rename the functions to a secure name for your use. for example PHP Code: `rename_function('mysql_connect', 'hidden_for_you_mysql_connect' );` http://ca.php.net/manual/en/function...e-function.php __________________ Chimps.ca - Swans.ca - Snails.ca

01-03-2007, 10:43 AM	#4 (permalink)
beaver6813 NamePros Regular Join Date: May 2005 Location: England Posts: 349 65.50 NP$ (Donate)	Brilliant Ill give rep in a sec Okay another incredibly annoying feature i can't get to work is that when i use my error handler in PHP it works fine with registering the first error, but doesn't pickup the others and it doesn't pickup parse errors, PHP overrides my error handler for parse errors. Any ideas? __________________ -Beaver6813.com V5 Soon!

01-03-2007, 11:16 AM	#6 (permalink)
beaver6813 NamePros Regular Join Date: May 2005 Location: England Posts: 349 65.50 NP$ (Donate)	Okies, so there is definately no way around that? So it returns all parse errors instead of just the first one found? All i'm doing at the moment is picking up errors and setting error_log to write all errors to a text file which i can read at a later date. However even when i put in 3 errors like unclosed brackets and unterminated lines etc it still shows only one of the errors... __________________ -Beaver6813.com V5 Soon!

01-05-2007, 11:17 AM	#8 (permalink)
beaver6813 NamePros Regular Join Date: May 2005 Location: England Posts: 349 65.50 NP$ (Donate)	Thanks Resolved! __________________ -Beaver6813.com V5 Soon!

01-05-2007, 02:24 PM	#9 (permalink)
Peter Senior Member Join Date: Nov 2003 Location: Scotland Posts: 4,900 0.60 NP$ (Donate)	how did you sort the problem?

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)