Ramy Mohsen
asked on
Is using shell_exec safe?
Hi,
Regarding security, can I use the shell_exec command safely in a production web application?
The command to be executed will be a MySQL shell command that's hard-coded.
Safety probably depends on how you have coded it and who can get to it. With all of the MySQL functions built into PHP, what would you be using it for?
ASKER
Thank you.
"Safety probably depends on how you have coded it and who can get to it."
I'm hard-coding it, meaning I'm writing it as follows:
shell_exec(command);
Where COMMAND is the read command that I coded [not a variable and not containing any input from the user].
So is this safe?
I want to create DB, Clone DB.
SOLUTION
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry, what do you mean by running a command from a file?
shell_exec normally uses a text variable as the command. http://php.net/manual/en/function.shell-exec.php That is essentially the same as running it from a file.
To create and Clone DB is not very useful if no one has privileges to use it. Creating users and privileges is a separate operation from creating the database.
Note also that you usually have to have 'root' privileges to do any of these things.
ASKER
I'm normally able to create users and grant privileges on the newly created DB using a shell command.
So no problem on this point.
The main point for me is the security of using shell_exec to do this.
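An added example, not part of the thread and not code from any of the posters: it contrasts the fully constant command the question describes with a clone helper in which the database names are the only variable parts, validated and escaped before they reach the shell. The function names, the identifier pattern, the sample database names and the option-file path /etc/myapp/mysql-admin.cnf are assumptions.

```php
<?php
// Added example; names, the identifier pattern and the option-file path are assumptions.

// MySQL option file (mode 0600) holding the [client] user/password, so the
// credentials never appear on the command line or in the process list.
const MYSQL_DEFAULTS = '/etc/myapp/mysql-admin.cnf'; // hypothetical path

// Accept only plain identifiers: rejects quotes, spaces, ';', '|', '$(...)'.
function assertDbName(string $name): string
{
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]{0,62}$/', $name)) {
        throw new InvalidArgumentException('Invalid database name');
    }
    return $name;
}

// Build the clone pipeline. Every non-constant piece is validated first,
// then passed through escapeshellarg() as a second layer.
function buildCloneCommand(string $source, string $target): string
{
    $defaults = escapeshellarg('--defaults-extra-file=' . MYSQL_DEFAULTS);
    $src = escapeshellarg(assertDbName($source));
    $dst = escapeshellarg(assertDbName($target));
    return "mysqldump $defaults $src | mysql $defaults $dst";
}

// Create the target with PHP's MySQL functions (no shell needed), then clone.
function cloneDatabase(mysqli $db, string $source, string $target): void
{
    // Identifiers cannot be bound as parameters, so validate and backtick-quote.
    $db->query('CREATE DATABASE `' . assertDbName($target) . '`');
    // exec() exposes the exit status, which shell_exec() does not. The status
    // is that of the final `mysql`; a mysqldump failure needs its own check.
    exec(buildCloneCommand($source, $target) . ' 2>&1', $output, $status);
    if ($status !== 0) {
        throw new RuntimeException("Clone failed:\n" . implode("\n", $output));
    }
}

// Fully constant command, as in the question: nothing a request can influence.
// shell_exec('mysqldump --defaults-extra-file=/etc/myapp/mysql-admin.cnf app_db > /var/backups/app_db.sql');

echo buildCloneCommand('app_db', 'app_db_copy'), "\n";
try {
    buildCloneCommand('app_db', 'app_db_copy; id'); // constructed hostile value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```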