|
Mitigate the Security Risks of PHP System Command Execution |
|
|
|
Source: PHP Builder - Posted by Anthony Pell
|
As the Web continues its march towards becoming the de facto interface for the world's software applications, developers must find effective ways to not only communicate with server processes such as MySQL, but also other operating system tools such as a shell or Ruby script. In this tutorial, I'll show you how to securely execute a variety of system-based commands via a PHP script, demonstrating how to build web applications that can tightly integrate with both the operating system and third-party software.
Minding the Security Risks
Hopefully, you understand how important it is to thoroughly validate all user input accepted through a web form; after all, if you neglect this task, your data could be stolen or damaged via a SQL injection attack, or your users could be spoofed via a cross-site scripting attack.
The risks of not properly vetting operating system commands initiated through a PHP script are no less severe! With this in mind, before jumping into a few examples it's worth taking a moment to understand how this particular feature can pose a significant security risk to not only your web site, but also to the stability of the entire web server.
Read this full article at PHP Builder
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
