FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Webapp PHP executing external java programs
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Webapp PHP executing external java programs [message #180698 is a reply to message #180697] Mon, 11 March 2013 21:24 Go to previous message
J.O. Aho is currently offline  J.O. Aho
Messages: 194
Registered: September 2010
Karma:
Senior Member
On 11/03/13 21:24, israel wrote:
> Hello,
>
> I have a webapplication written in PHP.
> From this app I have a list of different java programs that run outside the php environment and produce some output.
> Basically from the webbapp I need to start and stop these external java programs. (Stop the program is not a problem)
>
> For example I should run something like:
>
> START
> "java -cp lib/mylibs.jar mycode.HelloWorld"
>
> STOP
> write a special signal in my DB, this is already working properly.
>
> I know that I can do it I am just asking how do you think I need to organize my filesystem to keep it safe, any suggestions or example that I can check ??

I guess you are thinking of exec() and the similar functions, while I
worked with web hosting, those functions was one of the most used to
install bots and other nasty things on the web servers, so I took the
maybe most unpopular decision and disable them all in the php.ini.

I would opt for a service which starts the java applications, the
service running as a really low privileged user, the service would just
start the right application when called from the php script, just taking
as few arguments as possible, for example just the "application name",
even if the web page would be compromised, nothing else would not be
possible to start than those things you already have decided and as they
run as unprivileged user, there shouldn't be much harm done.


> Security is extremly important and I have to avoid that someone can explit this and execute commands on my server...

See to having SELinux up and running, will limit what each user can do,
for example if you go with the daemon option, you could limit the user
to be only able to start those java applications and nothing else.


--

//Aho
[Message index]
 
Read Message
Read Message
Previous Topic: Does PHP have a way to pass form data to a remote script?
Next Topic: In php applying the KISS rule wins every time
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 02:06:46 GMT 2024

Total time taken to generate the page: 0.04228 seconds