FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Webapp PHP executing external java programs
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Webapp PHP executing external java programs [message #180697] Mon, 11 March 2013 16:24 Go to next message
israel is currently offline  israel
Messages: 3
Registered: March 2013
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
Hello,

I have a webapplication written in PHP.
From this app I have a list of different java programs that run outside the php environment and produce some output.
Basically from the webbapp I need to start and stop these external java programs. (Stop the program is not a problem)

For example I should run something like:

START
"java -cp lib/mylibs.jar mycode.HelloWorld"

STOP
write a special signal in my DB, this is already working properly.

I know that I can do it I am just asking how do you think I need to organize my filesystem to keep it safe, any suggestions or example that I can check ??
Any framework I can use for this purpose ?
Security is extremly important and I have to avoid that someone can explit this and execute commands on my server...

thank you
Re: Webapp PHP executing external java programs [message #180698 is a reply to message #180697] Mon, 11 March 2013 17:24 Go to previous message
J.O. Aho is currently offline  J.O. Aho
Messages: 194
Registered: September 2010
Karma: 0
Senior Member
add to buddy list
ignore all messages by this user
On 11/03/13 21:24, israel wrote:
> Hello,
>
> I have a webapplication written in PHP.
> From this app I have a list of different java programs that run outside the php environment and produce some output.
> Basically from the webbapp I need to start and stop these external java programs. (Stop the program is not a problem)
>
> For example I should run something like:
>
> START
> "java -cp lib/mylibs.jar mycode.HelloWorld"
>
> STOP
> write a special signal in my DB, this is already working properly.
>
> I know that I can do it I am just asking how do you think I need to organize my filesystem to keep it safe, any suggestions or example that I can check ??

I guess you are thinking of exec() and the similar functions, while I
worked with web hosting, those functions was one of the most used to
install bots and other nasty things on the web servers, so I took the
maybe most unpopular decision and disable them all in the php.ini.

I would opt for a service which starts the java applications, the
service running as a really low privileged user, the service would just
start the right application when called from the php script, just taking
as few arguments as possible, for example just the "application name",
even if the web page would be compromised, nothing else would not be
possible to start than those things you already have decided and as they
run as unprivileged user, there shouldn't be much harm done.


> Security is extremly important and I have to avoid that someone can explit this and execute commands on my server...

See to having SELinux up and running, will limit what each user can do,
for example if you go with the daemon option, you could limit the user
to be only able to start those java applications and nothing else.


--

//Aho
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: Does PHP have a way to pass form data to a remote script?
Next Topic: In php applying the KISS rule wins every time
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Dec 11 01:03:27 EST 2017

Total time taken to generate the page: 0.00635 seconds