Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Peter Walter on November 14, 2003, 08:34:40 AM

Title: best practices for calling system routines within php script
Post by: Peter Walter on November 14, 2003, 08:34:40 AM

I have a need to call sme system routines from within a php script, such as signal-event. The problem is that some system routines are not executable by other than root, so my php script does not work. What would be the best way to work around this problem?

Title: Re: best practices for calling system routines within php sc
Post by: Charlie Brady on November 14, 2003, 04:49:09 PM

Peter Walter wrote:
 
> I have a need to call sme system routines from within a php
> script, such as signal-event. The problem is that some system
> routines are not executable by other than root, so my php
> script does not work. What would be the best way to work
> around this problem?

There isn't any. It's a security design. If php scripts could do things which require root privilege, then any flaw in the php script could allow a root compromise. And you don't want that.

PHP isn't a good language for doing security critical programming. I'd suggest that you read up on secure programming techniques, especially web related.

Charlie

Title: Re: best practices for calling system routines within php sc
Post by: Peter Walter on November 16, 2003, 05:33:02 AM

Charlie,

Thanks for your response. I have taken note of the security considerations, and am more than willing to use  any appropriate method the experts recommend.  All I am looking for is a way to trigger one specific event from a secured web page as a way of triggering a process remotely, using signal-event as the mechanism.  Is it at all possible to do so,  and, if so, how would it be done? Does anyone have a suggestion?

Peter