I am going to make an online judge platform. I have looked for some online judge
ID: 651579 • Letter: I
Question
I am going to make an online judge platform.
I have looked for some online judge platforms on the Internet for reference (I mean the platforms which have the source code available, and can be hosted my others, not something like Codeforces). Most of them have a web interface written in PHP (or something else).
When users submit the solutions of the problems, the submissions are sent to another programs (a server side program written in C++, Java or something else), which is hosted on or not on the same server, through socket.
What is the benefit of this design? Why not doing so through PHP, with functions like exec()? Which design will you appreciate more?
Explanation / Answer
It can be done for security and to detect or prevent cheating. It's called sandboxing.
Your main server likely has a lot of important things on it: your source code, your database, access to email functions, etc. To exec arbitrary code from an untrusted user on that server is asking for trouble. Even if you sanitized their code (which is a big if, because you can't determine exactly how a program will behave without running it), there may be a PHP bug that they can exploit to take control of the server.
From there they could do anything from downloading the problem answers up to stealing credit card information (if you collect payments), wiping your database, or sending out spam.
If you sandbox and run submissions on another server, you can restrict that server's permissions by turning off modules like curl, mysql, and sendmail. You can limit it to the more basic functions that your users will need for solving coding problems.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.