PHWinfo - Afficher un message - User-scripting within PHP

27/02/2008, 03h25

On Feb 25, 6:55 pm, Mike Placentra II
<nothingsoriginalontheinter...@gmail.com> wrote:
> On Feb 25, 11:32 am, Omega <atrau...@gmail.com> wrote:
>
> > I'm interested in adding custom scripting functionality to my PHP
> > site.
> > I'm not averse to
> > creating a secondary limited PHP environment within my script either
> > if that is possible.
>
> In a *nix environment it would be possible to run any sort of command-
> line interpreter under the privileges of another user. The server had
> better have well thought out permissions set on all of it's files,
> though. Of course, your PHP script needs to be carefully planned as
> well. I would still be wary about the security risks of this.
>
> It may be necessary to even recreate the "birdcage" user account
> between invocations of this, since a site visitor could potentially do
> some interesting things to the account from scripts they submit.
>
> You should do some research on the security risks of this as well as
> pay attention to the "that's a dumb idea" messages that I am expecting
> to be posted in reply to my suggestion.
>
> -Michael Placentra II

Michael, personally I'd like to avoid invoking commandline. I don't
think it would meet my needs either given that I would like to
configure the environment to some degree (provide a kind of API). As
well, the inherent security risks are obvious.
For sure I'm no novice in all this, I've simply found myself without
an obvious solution

Thank you though and I'm sure others that find this discussion will at
least benefit from what we say!

27/02/2008, 03h25	#6
Omega Messages: n/a Hébergeur:	Re: User-scripting within PHP On Feb 25, 6:55 pm, Mike Placentra II <nothingsoriginalontheinter...@gmail.com> wrote: > On Feb 25, 11:32 am, Omega <atrau...@gmail.com> wrote: > > > I'm interested in adding custom scripting functionality to my PHP > > site. > > I'm not averse to > > creating a secondary limited PHP environment within my script either > > if that is possible. > > In a *nix environment it would be possible to run any sort of command- > line interpreter under the privileges of another user. The server had > better have well thought out permissions set on all of it's files, > though. Of course, your PHP script needs to be carefully planned as > well. I would still be wary about the security risks of this. > > It may be necessary to even recreate the "birdcage" user account > between invocations of this, since a site visitor could potentially do > some interesting things to the account from scripts they submit. > > You should do some research on the security risks of this as well as > pay attention to the "that's a dumb idea" messages that I am expecting > to be posted in reply to my suggestion. > > -Michael Placentra II Michael, personally I'd like to avoid invoking commandline. I don't think it would meet my needs either given that I would like to configure the environment to some degree (provide a kind of API). As well, the inherent security risks are obvious. For sure I'm no novice in all this, I've simply found myself without an obvious solution Thank you though and I'm sure others that find this discussion will at least benefit from what we say!