DOUBLE EDIT: I'll just quote my original post and edit this, because I've changed my mind. I'm going to make an offline app.
I'm writing an app in PHP that requires seemingly a ruby-only/python-only function, and I've learned how to run rb scripts with PHP so I'm making an online app. I've been testing my app with MAMP and I've only tested basic print/puts on my GoDaddy hosting, but assuming my host doesn't already sandbox the Ruby for me, how do I get rid of functions temporarily during run-time for safety, programmatically?
This is important because the one function I need to use in my app is Marshal.load which evals the Ruby and I intend to allow direct upload of Marshalled rvdata2 files.
I can process the file into my ruby with PHP so I don't need any File functions, and the write capabilities of File paired with remote/custom eval scare me, so I want to disable the File class most of all.
I tried
Ruby:
File = nil
And that seems to block it, but is that even fully blacklisted during script run?
and what other things should I be scared of?
Side note: The ruby docs seemingly say that JSON load does the same thing as Marshal load, which is safer because it makes an object or something, but I'm getting parse errors with it loading rvdata2 whereas Marshal loads it flawlessly. Perhaps I'm reading the docs on ruby JSON wrong.
I'm going to use my marshal ruby script pipe with Node.js, hopefully the same way I used the ruby pipe with php.
I'll just leave this topic open for the discussion about how I was about to put a really bad thing on my server.
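The `File = nil` question in the post can be checked directly. The following is an added example, not code from the original post; the helper names and the sample file are constructed for illustration. It hides the `File` constant the same way and reports which file-access paths are still available while it is hidden.

```ruby
require "tmpdir"

# Hide the File constant as in the post (File = nil), run the block,
# then restore the real class so the rest of the process is unaffected.
def with_file_constant_nil
  real = Object.send(:remove_const, :File)
  Object.const_set(:File, nil)
  yield
ensure
  Object.send(:remove_const, :File)
  Object.const_set(:File, real)
end

# Returns what still works while the File constant is nil.
def surviving_file_access(path)
  with_file_constant_nil do
    {
      # The constant really is nil inside this block.
      constant_is_nil: File.nil?,
      # IO is File's superclass and opens paths without the constant.
      io_read: IO.read(path),
      # Kernel#open builds a File object internally, no constant lookup.
      kernel_open: open(path) { |f| f.read },
      # The class object still exists; only one name for it was rebound.
      class_still_reachable:
        ObjectSpace.each_object(Class).any? { |c| c.name == "File" },
    }
  end
end

if __FILE__ == $0
  Dir.mktmpdir do |dir|
    sample = File.join(dir, "sample.txt")   # constructed sample file
    File.write(sample, "constructed sample")
    surviving_file_access(sample).each { |check, value| puts "#{check}: #{value.inspect}" }
  end
end
```

Rebinding a constant is therefore not a sandbox: the class and its C-level entry points stay loaded in the process. The Ruby documentation for `Marshal.load` states that it must never be given untrusted data, so the boundary has to come from not loading untrusted files or from isolating the process at the OS level.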
