"be consistent" | |
PerlMonks |
Re: Calling external programs via cgi on win32by paulbort (Hermit) |
on Jul 02, 2004 at 18:34 UTC ( [id://371478]=note: print w/replies, xml ) | Need Help?? |
I've said before, and I'll say again: this is a dangerous design and should not be used. This kind of code gives anyone with a web browser complete access to your system. If you want users to be able to run specific programs, have the CGI write commands to a queue somewhere (files in a directory, registry entries, database rows, whatever), then have a second program that runs in the background (as a service maybe) pick up the queue entries and execute them. This gives you two big wins right off the bat: First, your web server doesn't need any special privileges, it just needs to be able to write to your queue. Second, when you later get hacked and decide you want to limit the commands that can be run, the back-end script is the only part you need to change. Even if you're doing this on an isolated system, that no one can acces from a network, it's still worthwhile to think about security and isolation in every program. These are good programming habits that will serve you well all of your days. -- Spring: Forces, Coiled Again!
In Section
Seekers of Perl Wisdom
|
|