External applications vs extension dll

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
eirikol
Forum Newbie
Posts: 2
Joined: Wed Jan 07, 2004 9:48 am
Location: Oslo, Norway

External applications vs extension dll

Post by eirikol »

Hi all. I'll take my chances that the problem outlined below is sufficiently advanced for this forum. Let me know if not.

I'm developing a publishing system running on win32 platforms using a mix of PHP and Delphi CGI. I'm planning on moving as much as possible of the engine to PHP, but since this engine is part of a larger office system written in Delphi, I will not be able to get rid of all the Delphi-code (The details here are a long an uninteresting story). Today this is done by executing small console applications through the "exec()" call. This IS working, but I do have a couple of concerns about the architecture:

1. A prerequisite for this setup to work, is that the "Internet Guest Account" (IUSR_SERVERNAME) needs execute rights to "C:\winnt\cmd.exe". This is making me sweat a little bit. A hacker on the wrong side of the firewall can do a lot more harm having execute rights to "cmd.exe"...

2. The performance is not great.

As I see it, the best way to overcome this problem would be to write a dll in delphi, place it in the php extension dir and use that as my own private php extension. How do I do that? Is this even possible?
Other brilliant approaches are of course most welcome too ;)

Am I really the only one worrying about giving the IUSR_SERVERNAME extensive execute rights? Maybe exec() isn't used in production environments? Am I missing something? Confused now. Must sleep.

Cheers,
Eirik
eirikol
Forum Newbie
Posts: 2
Joined: Wed Jan 07, 2004 9:48 am
Location: Oslo, Norway

Post by eirikol »

Got it!

To anyone interested in how to create php extensions with Delphi -check out http://members.chello.be/ws36637/#php

Great stuff.
Post Reply