  1. #1

    Is shell_exec a security risk?

    Does enabling shell_exec in php.ini always pose a security risk? Or can it be done safely?

  2. #2
    Serenarules
    Short answer: potentially.

    Medium answer: any time you allow some program to be run on your server from the web, it's a risk.

    Long answer: it depends on how your system is configured and how you will be using it. In safe mode, it is disabled (this is a good indicator). It is also a good idea to use a dedicated user/group for each service you are running, including your web service, and avoid 'master' services. [Please see the Server forum for help with this.] Just how safe it is to use will depend on the privileges of this user/group and what the method will be running. Are you allowing only predefined tasks or letting users enter what they want (big no-no)?
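
The "predefined tasks" case from the answer above, as an added PHP example that is not part of the original thread. The task names, commands and the `/var/log/myapp` path are hypothetical; the request only ever selects a task by name and never supplies any part of the command itself.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: task name => fixed command, plus an optional
// path template and the only pattern its single parameter may match.
const TASKS = [
    'disk'   => ['cmd' => 'df -h'],
    'uptime' => ['cmd' => 'uptime'],
    'tail'   => [
        'cmd'     => 'tail -n 20 --',
        'path'    => '/var/log/myapp/%s.log',   // assumed log directory
        'pattern' => '/\A[a-z0-9_]{1,32}\z/',
    ],
];

// Returns the exact string that would be handed to shell_exec().
function build_command(string $task, ?string $arg = null): string
{
    if (!array_key_exists($task, TASKS)) {
        throw new InvalidArgumentException('unknown task');
    }
    $spec = TASKS[$task];
    if (!isset($spec['pattern'])) {
        if ($arg !== null) {
            throw new InvalidArgumentException('task takes no argument');
        }
        return $spec['cmd'];
    }
    // Validate first, then quote: the pattern excludes '/', '.', spaces
    // and shell metacharacters; escapeshellarg() is a second layer.
    if ($arg === null || preg_match($spec['pattern'], $arg) !== 1) {
        throw new InvalidArgumentException('invalid argument');
    }
    return $spec['cmd'] . ' ' . escapeshellarg(sprintf($spec['path'], $arg));
}

function run_task(string $task, ?string $arg = null): string
{
    // function_exists() is false when shell_exec is listed in disable_functions.
    if (!function_exists('shell_exec')) {
        throw new RuntimeException('shell_exec is disabled');
    }
    return (string) shell_exec(build_command($task, $arg));
}

// Constructed requests: the first two are accepted, the last is rejected.
foreach ([['uptime', null], ['tail', 'access'], ['tail', '../../etc/passwd']] as [$t, $a]) {
    try {
        echo build_command($t, $a), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}", PHP_EOL;
    }
}
```

Whatever the allowlist permits still runs with the privileges of the web service's user/group, so the dedicated low-privilege account the answer recommends remains the outer limit on what these commands can reach.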

