PHP Security Question
Patrick McDonnell
Posted on September 26, 2004, 6:06 pm
accounts to my system. However, the PHP script runs on the webserver,
while the accounts need to be created on a different box, which I'll refer
to as "master". Right now, on "master" I have a script which can create
and destroy directories in /home, and set permissions, etc. The script is
run by a shell_exec(ssh master sudo homeDirManage.sh create $USER). I have
set up the web server user to be able to ssh to master without a password,
and use sudo to run homeDirManage.sh without a password. What I'm worried
about is that any other user able to put up their web page can do the exact
same thing, and delete home dirs. Is there a more secure way to do this?
Re: PHP Security Question
How about sending an email, signed a special way with some sort of MD5
hash, that gives particulars on how to create the account to the remote
system? A script would execute, authenticate the hash, and perform the
account add or other action.
DeeDee, don't press that button! DeeDee! NO! Dee...
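
The signed-request idea from the reply above, as an added example that is not part of the original thread. It uses HMAC-SHA256 with a shared secret in place of a bare MD5 hash; the message format, the secret, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import time

# Assumption: a shared secret provisioned on both boxes (constructed sample value).
SECRET = b"constructed-demo-secret-change-me"
ALLOWED_ACTIONS = {"create"}      # destroy is deliberately not reachable from the web box
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,30}")
MAX_AGE = 300                     # seconds a signed request stays valid
_seen_nonces = set()              # in-memory replay cache; persist it in real use


def sign_request(action, user, nonce, ts, key=SECRET):
    """Web-server side: build 'action|user|nonce|ts|hexmac'."""
    body = f"{action}|{user}|{nonce}|{ts}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def verify_request(message, now=None, key=SECRET):
    """Master side: return (action, user) for an authentic request, else raise ValueError."""
    now = time.time() if now is None else now
    parts = message.split("|")
    if len(parts) != 5:
        raise ValueError("malformed request")
    action, user, nonce, ts, mac = parts
    expected = hmac.new(key, "|".join(parts[:4]).encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; nothing else is trusted until this passes.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        raise ValueError("bad signature")
    if action not in ALLOWED_ACTIONS:
        raise ValueError("action not permitted")
    if not USERNAME_RE.fullmatch(user):
        raise ValueError("invalid username")
    if not ts.isdigit() or abs(now - int(ts)) > MAX_AGE:
        raise ValueError("stale request")
    if nonce in _seen_nonces:
        raise ValueError("replayed request")
    _seen_nonces.add(nonce)
    return action, user
```

Because the verifier accepts only `create` with a strictly validated username, a leaked secret cannot be used through this channel to delete home directories. The secret still has to be readable only by the account-creation script, not by other users' pages on the same web server.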