SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2007
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Using program execution function

    I am using php to write inputs I receive from browser into a text file.Than I use shell_exec() to execute a program on server that writes those inputs from the text file and write its output to another text file. Now after my program has written its output I want to read this text file from php and send it back to the browser.
    Can someone please guide me how I can do this.


    Thanks

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Doesn't this sound dangerous to you? Can't I write input that would break out of whatever program you're passing the text to, and run arbitrary commands on your server? For example, to delete your site, or steal users' passwords, or steal credit card numbers from the sessions in the globally readable /tmp directory for other users on the same host?

  3. #3
    SitePoint Enthusiast
    Join Date
    Jun 2007
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey Dan, you can take care of security by allowing only allowing commands you want and allowing execution of programs in a particualr directory.

    Most serious issues which arises are.

    1) How to know when the program has completed its execution and written the results to output file.
    2) Concurrency and consistance of file when multiple users access it.
    3) Scalling, when many users try to access the program at the same time.

    If anyone would like to comment on those issues I would appreciate.

    Thanks


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •