Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Re: Calling external programs via cgi on win32

by paulbort (Hermit)
on Jul 02, 2004 at 18:34 UTC ( #371478=note: print w/replies, xml ) Need Help??

in reply to Calling external programs via cgi on win32

I've said before, and I'll say again: this is a dangerous design and should not be used.

This kind of code gives anyone with a web browser complete access to your system. If you want users to be able to run specific programs, have the CGI write commands to a queue somewhere (files in a directory, registry entries, database rows, whatever), then have a second program that runs in the background (as a service maybe) pick up the queue entries and execute them.

This gives you two big wins right off the bat: First, your web server doesn't need any special privileges, it just needs to be able to write to your queue. Second, when you later get hacked and decide you want to limit the commands that can be run, the back-end script is the only part you need to change.

Even if you're doing this on an isolated system, that no one can acces from a network, it's still worthwhile to think about security and isolation in every program. These are good programming habits that will serve you well all of your days.

Spring: Forces, Coiled Again!
  • Comment on Re: Calling external programs via cgi on win32

Replies are listed 'Best First'.
Re^2: Calling external programs via cgi on win32
by jamesjyu (Acolyte) on Jul 03, 2004 at 02:35 UTC
    Thank you paulbort, I took your advice, and all is well now.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://371478]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (4)
As of 2019-07-24 07:10 GMT
Find Nodes?
    Voting Booth?
    If you were the first to set foot on the Moon, what would be your epigram?

    Results (32 votes). Check out past polls.