shell_exec() and Security

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rjmatm
Forum Newbie
Posts: 1
Joined: Fri Jan 17, 2003 5:15 am
Location: Gettysburg, PA

shell_exec() and Security

Post by rjmatm »

I am using the shell_exec for a few things. It's very useful, but it also seems like it could be a malicious intruders dream to be able to pass a variable to it.

I was just wondering what types of security issues I should keep in mind when using the shell_exe function.

Any suggestions, tips, techniques?

Thanks in advance for any response.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

avoid user input in shell commands. If unavoidable tripple-check and filter the input.
escapeshellarg() and esp. escapeshellcmd() are usefull for that purpose
Post Reply