Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Webapp PHP executing external java programs
March 11, 2013, 8:24 pm
rate this thread
I have a webapplication written in PHP.
From this app I have a list of different java programs that run outside the php
environment and produce some output.
Basically from the webbapp I need to start and stop these external java
programs. (Stop the program is not a problem)
For example I should run something like:
"java -cp lib/mylibs.jar mycode.HelloWorld"
write a special signal in my DB, this is already working properly.
I know that I can do it I am just asking how do you think I need to organize my
filesystem to keep it safe, any suggestions or example that I can check ??
Any framework I can use for this purpose ?
Security is extremly important and I have to avoid that someone can explit this
and execute commands on my server...
Re: Webapp PHP executing external java programs
I guess you are thinking of exec() and the similar functions, while I
worked with web hosting, those functions was one of the most used to
install bots and other nasty things on the web servers, so I took the
maybe most unpopular decision and disable them all in the php.ini.
I would opt for a service which starts the java applications, the
service running as a really low privileged user, the service would just
start the right application when called from the php script, just taking
as few arguments as possible, for example just the "application name",
even if the web page would be compromised, nothing else would not be
possible to start than those things you already have decided and as they
run as unprivileged user, there shouldn't be much harm done.
See to having SELinux up and running, will limit what each user can do,
for example if you go with the daemon option, you could limit the user
to be only able to start those java applications and nothing else.
- » APC issues: locking up all processes and lack of PHP 5.4 support
- — Next thread in » PHP Scripting Forum