- No predefined environment restrictions on your code.
- A strong and simple security concept based on permission tokens.
Keep your existing server
As you can see, this token allows the script to read, write and execute all files under /users/testuser/. In this example you can lower the rights as well as the path itself, e.g. path: "/users/testuser/test/" & rights: "r".
This example was copied from above with small differences. As you can see, the execution right is missing and cannot be introduced by lowering the rights of this token. Also, the path points to a file (no "/" at the end), which forbids the script from lowering the path. This prevents scripts from exploiting the system by downgrading file paths, e.g. turning the file "/secret" into a folder that begins with the same characters, e.g. "/secretfolder/", and accessing all of its content.
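The lowering rules described above, sketched as an added example (this is not NeptunJS source code). The token shape { rights, path }, the function name canLower and the rejection of ".." segments are assumptions made for the illustration.

```javascript
// Added illustration of the token-lowering rules; not part of NeptunJS.
// Token shape { rights, path } and the name canLower are hypothetical.
function canLower(parent, child) {
  // Rights can only be removed: every right the child asks for
  // must already be present in the parent token.
  for (const r of child.rights) {
    if (!parent.rights.includes(r)) return false;
  }

  // Assumption: refuse ".." segments so a prefix match cannot be
  // used to climb back out of the granted folder.
  if (child.path.split("/").includes("..")) return false;

  if (parent.path.endsWith("/")) {
    // Folder token: the child may keep the path or point below it.
    // The trailing "/" keeps "/users/testuser2/" from matching.
    return child.path.startsWith(parent.path);
  }

  // File token (no trailing "/"): the path is fixed, so "/secret"
  // can never be turned into "/secretfolder/".
  return child.path === parent.path;
}

// Constructed sample tokens, using the paths mentioned in the text.
const folderToken = { rights: "rwx", path: "/users/testuser/" };
const fileToken = { rights: "rw", path: "/secret" };

const cases = [
  ["fewer rights, deeper path", folderToken, { rights: "r", path: "/users/testuser/test/" }],
  ["sibling folder", folderToken, { rights: "r", path: "/users/testuser2/" }],
  ["dot-dot escape", folderToken, { rights: "r", path: "/users/testuser/../other/" }],
  ["add execute right", fileToken, { rights: "rwx", path: "/secret" }],
  ["file to folder prefix", fileToken, { rights: "r", path: "/secretfolder/" }],
  ["same file, read only", fileToken, { rights: "r", path: "/secret" }],
];

for (const [label, parent, child] of cases) {
  console.log(label + ": " + (canLower(parent, child) ? "allowed" : "denied"));
}
```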
By setting an empty path, every URL in this scheme is accessible. In this situation it doesn't make any sense to "execute" web pages, therefore the x-right is ignored and has no effect in this case.
"-pr|file|false|./" "-prw|file|true|./user/"
Since the "|" sign appears in the -p parameter, make sure to quote the parameter as shown in the example above.
Run user code without security risks
Untrusted code
NeptunJS gives scripts the freedom to execute freely as long as no interaction with the system is made. If you are planning to run untrusted code with NeptunJS in a safe environment, here are a few tips for a good system setup:
- Use the latest V8 version. The V8 engine is the part of NeptunJS that runs the script code itself. Because of its popularity and great developer community it is very unlikely that the engine contains dangerous bugs. Nevertheless, it is highly recommended to compile NeptunJS with the latest V8 version possible. For more information see https://developers.google.com/v8/build - How to build V8
Setup NeptunJS in 5 Minutes
Use NeptunJS with CGI
Save this into a file and run it with the following command: neptunjs -utest -ptestpw helloworld.js
Work in progress ...