I'm developing a publishing system running on win32 platforms using a mix of PHP and Delphi CGI. I'm planning on moving as much as possible of the engine to PHP, but since this engine is part of a larger office system written in Delphi, I will not be able to get rid of all the Delphi-code (The details here are a long an uninteresting story). Today this is done by executing small console applications through the "exec()" call. This IS working, but I do have a couple of concerns about the architecture:
1. A prerequisite for this setup to work, is that the "Internet Guest Account" (IUSR_SERVERNAME) needs execute rights to "C:\winnt\cmd.exe". This is making me sweat a little bit. A hacker on the wrong side of the firewall can do a lot more harm having execute rights to "cmd.exe"...
2. The performance is not great.
As I see it, the best way to overcome this problem would be to write a dll in delphi, place it in the php extension dir and use that as my own private php extension. How do I do that? Is this even possible?
Other brilliant approaches are of course most welcome too
Am I really the only one worrying about giving the IUSR_SERVERNAME extensive execute rights? Maybe exec() isn't used in production environments? Am I missing something? Confused now. Must sleep.
Cheers,
Eirik