On Thu, 14 Feb 2002, Trevor Ouellette wrote:
> I've got an interesting question. > > Is it possible to have a PHP panel that can trigger an event or action? > > What kind of security is involved here? > > So, if the event/actions are built, the templates are in place, and the > configuration have their respective variables set up... can PHP trigger the > event and put the whole system in motion? The short answer is no. PHP scripts are interpreted inside the web server, so run with the user and group id of the web-server, i.e. www. And 'www' doesn't have permission to do anything privileged. The manager scripts can do privileged things because they are setuid scripts, and run as 'root'. There was some discussion about running PHP in the admin web server a few weeks ago where I discussed some of the security implications. -- Charlie Brady [EMAIL PROTECTED] Lead Product Developer Network Server Solutions Group http://www.e-smith.com/ Mitel Networks Corporation http://www.mitel.com/ Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739 -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
