[development] Security Around Setting Up a Sandbox

T L tloud365 at gmail.com
Tue Nov 3 14:52:45 UTC 2009

Hi Shai-

That sounds really cool.  Just a few thoughts:

   - I'd be concerned about allowing people to post any kind of content, in
   particular javascript or php.  So the first thing on my list to check would
   be the input filters that people are allowed to use.
   - Besides that, maybe it would be helpful if you could list what
   permissions and admin functionality you are planning on enabling, so people
   could think about security with these features in mind.
   - Lastly, since you explicitly asked, I can't personally recommend that
   you do this on a production server, but if you want to go down this route,
   I'd 1) try to setup some kind of apache jail for the d7 sandbox (this would
   separate the d7 system from the rest of your stuff) and 2) make sure that I
   had frequent off-site code and database backups for all of my client sites.

Again, cool idea.

On Tue, Nov 3, 2009 at 9:46 AM, Daniel F. Kudwien <news at unleashedmind.com>wrote:

> > I had planned to give people a LOT more access than that. I
> > certainly was *not *going to give folks FTP or administer
> > users permissions, but otherwise I was thinking of giving
> > authenticated users a lot of permissions. I'm planning on
> > having the Demonstration Site module
> > <http://drupal.org/project/demo>running to take snapshots on
> > cron (and I wouldn't give people admin privileges on that,
> > obviously). So I could set the site back if someone comes
> > along and messes things up.
> Handing out administrative permissions needs careful thoughts.  In
> Add Demo Secure module
> http://drupal.org/node/375411
> I outlined the critical steps to hand out _all_ administrative permissions
> for the sake of my Total Admin IA Revamp proposal earlier this year, which
> allowed to access and alter everything in Drupal.
> That, of course, required additional steps.  However, if you skip the
> following, then you should be fine:
> - administer permissions: Prevents granting access to PHP permissions,
> filter configuration.
> - administer filters: Prevents access to filter configuration.
> - administer languages: Prevents access to translation import
> functionality.
> - administer demo site: Prevents access to Demo site administration.
> (Attention: the "Reset" block can still be used, and can be enabled by
> anyone who has "administer blocks" access.)
> Additionally, I recommend to install a CAPTCHA or spam protection module.
> If you want to grant access to "administer site configuration" (which
> currently is the global access trigger for everything below admin/config),
> then people will be able to enable/disable modules.  To prevent certain
> modules from being disabled, you should put the following in their .info
> files:
> hidden = TRUE
> required = TRUE
> Please note that it's perfectly possible that some new functionality
> (authorize?) could make all of this a bit harder.
> sun

Tim Loudon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20091103/ef879906/attachment.html 

More information about the development mailing list