Webapp PHP executing external java programs


I have a web application written in PHP.
From this app I have a list of different Java programs that run outside the PHP
environment and produce some output.
Basically, from the web app I need to start and stop these external Java
programs. (Stopping the program is not a problem.)

For example I should run something like:

"java -cp lib/mylibs.jar mycode.HelloWorld"

write a special signal in my DB, this is already working properly.

I know that I can do it; I am just asking how you think I need to organize my
filesystem to keep it safe. Any suggestions or examples that I can check?
Any framework I can use for this purpose?
Security is extremely important and I have to avoid that someone can exploit this
and execute commands on my server...

thank you

Re: Webapp PHP executing external java programs

On 11/03/13 21:24, israel wrote:
I guess you are thinking of exec() and the similar functions. While I
worked with web hosting, those functions were some of the most used to
install bots and other nasty things on the web servers, so I took the
maybe most unpopular decision and disabled them all in php.ini.

I would opt for a service which starts the Java applications, with the
service running as a really low-privileged user. The service would just
start the right application when called from the PHP script, taking
as few arguments as possible, for example just the "application name".
Even if the web page were compromised, nothing could be started other
than those things you have already decided on, and as they
run as an unprivileged user, there shouldn't be much harm done.

See to having SELinux up and running; it will limit what each user can do.
For example, if you go with the daemon option, you could limit the user
to only be able to start those Java applications and nothing else.
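
A sketch of the launcher service suggested in the reply above, added here as an example and not code posted by anyone in the thread. The short application names, the second entry `mycode.Report`, the Unix-socket transport and the function names are assumptions; only the `mycode.HelloWorld` command line comes from the question.

```python
import re
import socket
import subprocess

# Constructed allowlist: the only commands the launcher will ever run.
# The short names and the "report" entry are assumptions for illustration.
ALLOWED_APPS = {
    "helloworld": ["java", "-cp", "lib/mylibs.jar", "mycode.HelloWorld"],
    "report": ["java", "-cp", "lib/mylibs.jar", "mycode.Report"],
}
NAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def resolve_command(request: bytes) -> list[str]:
    """Map one request line (an application name) to a fixed argv."""
    try:
        name = request.decode("ascii").strip()
    except UnicodeDecodeError:
        raise ValueError("non-ASCII request")
    if not NAME_RE.fullmatch(name):
        raise ValueError("malformed application name")
    if name not in ALLOWED_APPS:
        raise ValueError("application not in allowlist")
    return list(ALLOWED_APPS[name])  # copy, so callers cannot alter the table


def launch(argv: list[str]) -> subprocess.Popen:
    """Start the program without a shell and with a minimal environment."""
    return subprocess.Popen(
        argv, shell=False, stdin=subprocess.DEVNULL,
        env={"PATH": "/usr/bin:/bin"}, close_fds=True,
    )


def serve(sock_path: str) -> None:
    """Accept one name per connection; run this as the low-privileged user."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(sock_path)
        srv.listen(5)
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    launch(resolve_command(conn.recv(64)))
                    conn.sendall(b"OK\n")
                except (ValueError, OSError) as exc:
                    conn.sendall(f"ERR {exc}\n".encode())
```

The PHP script only ever writes an application name to the socket, so no request text reaches a command line. Restrict the socket file's permissions so that only the web server's user can connect.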


