  1. #1
    SitePoint Addict
    Join Date
    Feb 2004
    Posts
    291

    shell_exec secure?

    Hi.

    Does enabling shell_exec in php.ini always pose a security risk? Or can it be done safely?

  2. #2
    SitePoint Author
    wwb_99
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,629
    I'd argue it is always a risk -- the damage an attacker can do with the ability to execute arbitrary shell commands is immense. This risk can be abated by being religious about input sanitization and making sure that PHP runs in a restricted context. But I would not open the door if I had other options.

  3. #3
    SitePoint Enthusiast
    Join Date
    Nov 2012
    Location
    Cape Town, South Africa
    Posts
    40
    Yip, I disable that when setting up a new server. Anything that can execute shell scripts is a major risk.
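
Added example, not part of the thread or any poster's code: the input validation that reply #2 refers to, for a case where shell_exec has to stay enabled, together with a check for whether php.ini has disabled it as in reply #3. The helper names, the `/usr/bin/host` path and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Reply #3's approach is a php.ini line such as:  disable_functions = shell_exec
// This helper reports whether that setting is in effect for the running PHP.
// (Hypothetical helper name.)
function shell_exec_enabled(): bool
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return function_exists('shell_exec') && !in_array('shell_exec', $disabled, true);
}

// Allowlist check: DNS labels of letters, digits and hyphens, separated by dots.
// \A and \z anchor the whole string; "$" would also match before a trailing newline.
// (Hypothetical helper name.)
function is_valid_hostname(string $host): bool
{
    $label = '(?!-)[A-Za-z0-9-]{1,63}(?<!-)';
    return strlen($host) <= 253
        && preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/', $host) === 1;
}

// Fixed binary path, exactly one argument, validated first and quoted second.
// Validation is the primary control; escapeshellarg() is a second layer.
// The /usr/bin/host path is an assumption about the server.
function build_lookup_command(string $host): string
{
    if (!is_valid_hostname($host)) {
        throw new InvalidArgumentException('hostname rejected');
    }
    return '/usr/bin/host ' . escapeshellarg($host);
}

// Constructed sample inputs: one valid name and three that must be rejected
// (shell metacharacters, a leading hyphen read as an option, a trailing newline).
foreach (['example.com', 'example.com; echo injected', '-v', "example.com\n"] as $input) {
    try {
        $cmd = build_lookup_command($input);
        echo 'accept: ' . $cmd . "\n";
        if (shell_exec_enabled()) {
            echo (string) shell_exec($cmd);
        }
    } catch (InvalidArgumentException $e) {
        echo 'reject: ' . json_encode($input) . "\n";
    }
}
```

Running PHP as an unprivileged user is the "restricted context" half of reply #2 and is configured outside this script.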

