Kindly stop redirecting my questions to that unrelated one which doesn’t answer my question whatsoever. I’ve already read every answer there and it doesn’t help at all. If it did, why would I ask this much more specific question?
This has been a continuous worry and problem for me for ages:
For practical and logical reasons, I am forced to trust some third-party PHP libraries. These are installed, updated and managed with
Composer, and live in
C:\PHP-untrusted-external, entirely separated from my own PHP scripts, which live in
The scripts in
C:\PHP-my-own include and make use of the libraries in
Since there is no way that anyone, especially not I, could ever vet all the third-party code, and all updates, I’m looking for some way to “secure” or “sandbox” these in some way, even if it’s just partial.
Basically, I’m worried that one day, an update will make an edit such as:
If that happened, the scripts would happily run and do those actions. Nothing prevents them from doing so.
Is there really no way to specify in the
php.ini configuration file, something like:
security.sandbox_dir = "C:\PHP-untrusted-external"
security.refuse_network_connections_for_dir = "C:\PHP-untrusted-external" security.refuse_disk_io_for_dir = "C:\PHP-untrusted-external"
… or something like that?
I don’t understand Docker. I have tried it countless times, and it makes no sense whatsoever to me. I don’t want Docker. I don’t want to deal with containers. Correction: I can’t deal with it. I’ve tried to, but didn’t understand it. Several times.
I just want PHP to support this in itself, and it seems more than reasonable to me. Doesn’t it seem reasonable to you?
The saying that “at some point, you have to trust other people” is way too generic/vague to apply here. It’s bypassing the problem. I don’t trust people at all, and for good reason. It seems idiotic that we are (apparently) just supposed to sit around and wait for the disaster to happen. At least if I could prevent the third-party scripts form doing anything with the file system and network, that would go some way toward mitigating this issue. It still won’t make the scripts unable to lie about the numbers/data they return to me, but at least they can’t directly “phone home” or delete random files.