Secure way to run other people code (sandbox) on my server?
Posted
by
amikazmi
on Stack Overflow
See other posts from Stack Overflow
or by amikazmi
Published on 2009-04-27T09:09:13Z
Indexed on
2011/01/15
6:53 UTC
Read the original article
Hit count: 151
I want to make a web service that run other people code locally... Naturally, I want to limit their code access to certain "sandbox" directory, and that they wont be able to connect to other parts of my server (DB, main webserver, etc)
Whats the best way to do it?
Run VMware/Virtualbox:
(+) I guess it's as secure as it gets.. even if someone manage to "hack".. they only hack the guest machine
(+) can limit the cpu & memory the process uses
(+) easy to setup.. just create the VM
(-) harder to "connect" the sandbox directory from the host to the guest
(-) wasting extra memory and cpu for managing the VM
Run underprivileged user:
(+) doesnt waste extra resources
(+) sandbox directory is just a plain directory
(?) cant limit cpu and memory?
(?) dont know if it's secure enough...
Any other way?
Server running Fedora Core 8, the "other" codes written in Java & C++
© Stack Overflow or respective owner