How to limit ⎕CMD in a timeshare environment


Post by woody on Mon Feb 18, 2019 11:39 pm

Greetings!

I would like to run a BIG server (Windows or Linux) and run MULTIPLE INSTANCES of DyalogAPL and MiServer on the same server with each instance of MiServer bound to a unique PORT# (8xxx).

I have all of this working quite well under Windows ...

BUT, I have a potential problem with one of the MiServer instances ... where a programmer might accidentally enter the command

⎕CMD 'DELETE C:' or something to that effect.

How can I protect the host server from the DyalogAPL so it can not run damaging commands or PowerShell scripts that might destroy or crash the host server?

I can get CLOSE by scanning through the Namespaces ... looking for ⎕CMD but this is hit or miss.

Can I somehow restrict this powerful ⎕CMD command (and maybe 1 or 2 other similar power commands) so I can run dozens of parallel instances of Dyalog APL under MiServer web hosting on one big server and know that APL can not delete or hack system files?

Thoughts?

Thanks in advance,

//W
Woodley Butler
Automatonics, Inc.
"Find your head in the APL Cloud"
http://www.APLcloud.com

Re: How to limit ⎕CMD in a timeshare environment

Post by Morten|Dyalog on Tue Feb 19, 2019 7:56 am

I don't believe there is a general way to limit the power of ⎕CMD - certainly not under Windows - other than perhaps running each user in a Docker Container or similar sandbox, which you simply delete and recycle for each session. I don't think that hosting multiple developers in a single MiServer instance is a safe way to go; they will be able to see and interfere with each other and there is no way to create barriers that will stop a determined hacker. Each user will need a separate execution environment if you are going to prevent them from doing harm to each other.
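The container-per-user approach from the reply above, sketched as an added example (not code from the thread or from Dyalog). The image name, the in-container port 8080 and the resource limits are assumptions; whether a given MiServer image runs with a read-only root filesystem has to be checked.

```shell
#!/bin/sh
# Added example: one throwaway, locked-down container per MiServer tenant.
# IMAGE and APP_PORT are placeholders/assumptions, not values from the thread.
IMAGE="${IMAGE:-example/miserver:placeholder}"  # hypothetical image name
BASE_PORT="${BASE_PORT:-8000}"                  # tenant N is published on 8000+N
APP_PORT="${APP_PORT:-8080}"                    # assumed listener inside the container

# tenant_port N: print the host port for tenant N (1..999), or fail.
# Strict validation keeps a tenant id from smuggling in extra arguments.
tenant_port() {
    case "$1" in
        ''|0*|*[!0-9]*|????*)
            echo "tenant id must be 1..999" >&2
            return 1 ;;
    esac
    echo $((BASE_PORT + $1))
}

# tenant_cmd N: print (not execute) the docker run line for tenant N.
tenant_cmd() {
    port=$(tenant_port "$1") || return 1
    # --rm                   container is deleted when the session ends
    # --read-only, --tmpfs   image filesystem immutable, scratch space in RAM
    # --cap-drop, --security-opt   no capabilities, no setuid privilege gain
    # --pids-limit, --memory, --cpus   one tenant cannot starve the host
    printf '%s ' docker run --rm --detach \
        --name "miserver-tenant-$1" \
        --publish "${port}:${APP_PORT}" \
        --read-only --tmpfs /tmp \
        --cap-drop ALL --security-opt no-new-privileges \
        --pids-limit 128 --memory 512m --cpus 1 \
        "$IMAGE"
    echo
}

# Dry run: show the commands for three tenants for review.
for n in 1 2 3; do
    tenant_cmd "$n"
done
```

⎕CMD and ⎕SH still work inside each container; the point is that anything they delete or break belongs to a disposable sandbox, not to the host or to another tenant.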

Re: How to limit ⎕CMD in a timeshare environment

Post by woody on Tue Feb 19, 2019 1:39 pm

I see your point.

APL was born to "own the computer OS" ... which is one of its strong points (system and data integration).

With Virtual servers so cheap now ...

I'll work in the direction of setting up each APL+MiServer instance on its own dedicated (Windows or Linux) server. This is the easiest to configure and manage.

Thanks for the reply.

//W
Woodley Butler
Automatonics, Inc.
"Find your head in the APL Cloud"
http://www.APLcloud.com

Re: How to limit ⎕CMD in a timeshare environment

Post by Morten|Dyalog on Wed Feb 20, 2019 8:55 am

I don't think this is anything to do with APL as such. Most programming languages offer a way to make "shell calls" in the same way that you can with ⎕SH or ⎕CMD in APL, and they all suffer from exactly the same problem.