10 January 2012

Monkey Patch as hardening procedure

Sometimes our PHP code acts as a framework that serves small applications, like a CMS or an administrative appliance that launches mini applications to do maintenance tasks.

If our application is wide open to the developer community, nothing guarantees its security, and your product's image can burn down fast with your customers.

Monkey patching is a simple solution for this, so why not? Wikipedia explains the monkey patch as follows:
monkey patch is a way to extend or modify the run-time code of dynamic languages without altering the original source code. This process has also been described as "duck punching".[1]
src: http://en.wikipedia.org/wiki/Monkey_patch

And this is an interesting way to harden your external or plugin scripts:

Using namespaces to capture the basic functions:

# apt-get install build-essential php5-dev and pecl apd (advanced php debugger) [...]

A starter "jailed" (more precisely, overridden) application environment in your framework:


The "myPlugin" file, acting as the insecure code:


And finally the little security layer:
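
An added example (not the author's original listing) of the namespace capture described above, with the security layer, a stand-in plugin and the framework in one file. The `Plugins` namespace, `sandbox_dir()`, `guard_path()`, `my_plugin()` and the sandbox directory are assumptions made for illustration.

```php
<?php
namespace Plugins {
    // Security layer (hypothetical names). An unqualified call made inside a
    // namespace resolves to Plugins\name() first and falls back to the global
    // name() only when no such function exists, so these capture the call.
    function sandbox_dir() {
        return sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'plugin-sandbox';
    }

    function guard_path($path) {
        $real = \realpath($path);
        $base = \realpath(sandbox_dir());
        $sep  = DIRECTORY_SEPARATOR;
        if ($real === false || $base === false
            || \strpos($real . $sep, $base . $sep) !== 0) {
            throw new \RuntimeException("plugin denied access to: $path");
        }
        return $real;
    }

    function file_get_contents($path) {
        return \file_get_contents(guard_path($path));
    }
}

namespace Plugins {
    // Stand-in for the untrusted "myPlugin" file; on disk it would be a
    // separate file that begins with `namespace Plugins;`.
    function my_plugin($file) {
        return file_get_contents($file); // captured by the layer above
    }
}

namespace {
    // Framework side: create constructed sample data, then run the plugin.
    $dir = Plugins\sandbox_dir();
    if (!is_dir($dir)) {
        mkdir($dir, 0700, true);
    }
    file_put_contents($dir . '/note.txt', "hello from the sandbox\n");

    echo Plugins\my_plugin($dir . '/note.txt');   // inside the sandbox: allowed
    try {
        Plugins\my_plugin(__FILE__);              // outside the sandbox
    } catch (RuntimeException $e) {
        echo 'blocked: ', $e->getMessage(), "\n";
    }
}
```

Only unqualified calls are captured: a plugin that writes `\file_get_contents()` or invokes the function through a string callable reaches the global function directly. Treat this layer as a guard rail and keep `disable_functions` and `open_basedir` in php.ini as the enforcing controls.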


Posted at BinaryCell
