Securing Data Between PHP Script And Exec'd Compiled 'C' Program
I'm using RSA Securid Tokens, and I'm going to write a little 'C' program that takes as input the userid (i.e. "jsmith") and the number displayed on the token (i.e. "123456") and returns a result code indicating whether authentication is successful.
The compiled 'C' program will be called from a PHP script.
I know that if I pass the parameters on the command line, i.e.
authenticator jsmith 123456
the parameters are world-visible (via "ps -Af", for example) and this is an information leak.
<BEGIN QUESTION>
How can I pass things securely between the PHP script and the exec'd program?
<END QUESTION>
One way I suppose I could always use is to create a file from the PHP script and then just pass the filename to the program (assuming permissions and UID/GID were all set up correctly).
But is there a more elegant way that doesn't create files, such as pipes or shared memory?
View Complete Forum Thread with Replies
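One way to do what the question asks with a pipe, as an added example that is not part of the original post: the C program takes nothing on the command line and reads the userid and the token code as two lines on stdin, so neither shows up in "ps" output. It assumes the PHP side starts the program with proc_open(), writes the two lines to the child's stdin pipe and closes it; the length limits, the allowed userid characters and the helper names are assumptions, and the call into the token-validation library is left as a comment because the page does not name it.

```c
/* Added example: read the userid and token code from stdin instead of argv. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_USER  32   /* assumed userid length limit */
#define TOKEN_LEN 6    /* digits shown on the token, as in "123456" */

struct creds {
    char user[MAX_USER + 1];
    char code[TOKEN_LEN + 1];
};

/* Zero memory through a volatile pointer so the wipe is not optimised away. */
static void wipe(void *p, size_t n) { volatile unsigned char *v = p; while (n--) *v++ = 0; }

/* Assumed userid alphabet: letters, digits, '.', '_' and '-'. */
static int user_char_ok(unsigned char c) { return isalnum(c) || c == '.' || c == '_' || c == '-'; }

/* Parse "userid\ncode\n" (final newline optional) from fd.
 * Returns 0 and fills *out on success, -1 on any malformed input. */
int read_creds(int fd, struct creds *out)
{
    char buf[MAX_USER + TOKEN_LEN + 3];   /* one byte more than the longest valid input */
    size_t len = 0, ulen = 0, clen = 0, i;
    ssize_t n = 0;
    char *nl;
    int ok;

    /* Read to EOF or until the buffer is full; a full buffer means overlong input. */
    while (len < sizeof buf && (n = read(fd, buf + len, sizeof buf - len)) > 0)
        len += (size_t)n;

    nl = memchr(buf, '\n', len);
    ok = n >= 0 && len < sizeof buf && nl != NULL;
    if (ok) {
        ulen = (size_t)(nl - buf);
        clen = len - ulen - 1;                      /* bytes after the first newline */
        if (clen > 0 && nl[clen] == '\n') clen--;   /* drop one trailing newline */
        ok = ulen >= 1 && ulen <= MAX_USER && clen == TOKEN_LEN;
        for (i = 0; ok && i < ulen; i++) ok = user_char_ok((unsigned char)buf[i]);
        for (i = 1; ok && i <= clen; i++) ok = isdigit((unsigned char)nl[i]) != 0;
    }
    if (ok) {
        memcpy(out->user, buf, ulen);          out->user[ulen] = '\0';
        memcpy(out->code, nl + 1, TOKEN_LEN);  out->code[TOKEN_LEN] = '\0';
    }
    wipe(buf, sizeof buf);                     /* do not leave the code on the stack */
    return ok ? 0 : -1;
}

/* Demo helper (hypothetical): plays the PHP side by writing `input` into a pipe. */
int creds_from_pipe(const char *input, struct creds *out)
{
    int fds[2], rc;
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], input, strlen(input)) < 0) { close(fds[0]); close(fds[1]); return -1; }
    close(fds[1]);                             /* EOF tells the reader the input is complete */
    rc = read_creds(fds[0], out);
    close(fds[0]);
    return rc;
}

int main(int argc, char **argv)
{
    struct creds c;
    int rc = 1;                                /* 1 = not authenticated */
    (void)argv;
    if (argc != 1 || read_creds(STDIN_FILENO, &c) != 0) return 2;   /* 2 = bad invocation or input */
    /* Call the token-validation library with c.user and c.code here; set rc = 0 on success. */
    wipe(&c, sizeof c);
    return rc;
}
```

The exit status is the only thing the PHP script needs back, and the pipe exists only between the two processes, so no file has to be created or cleaned up.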
Related Forum Messages:
Cannot Get The Program To Run At All Through Exec
I downloaded the program called Snapshotter which allows you to take screenshots of webpages through the command-line. Server is Win2k3/XP (live/local). I cannot get the program to run at all through exec while the same directory/permissions for ffmpeg run fine. I cannot even get it to spit out the default output you get if you run it without arguments. exec("dir") works fine, but exec("c:lahSnapshotter") doesn't return anything. Registered the path in the PATH environment and still no luck, yet exec("c:lahffmpeg") works fine and returns data.
Exec Wont Run A Cpp Program
I'm trying to get ZoneMinder up and running on FC4. One of the asso programs is zmu.cpp - compiles fine. And runs from the command line IE. /u/l/b/zmu -help returns Usage. zmu -m 2 -z (real cmd) from cmd line does what it should do. However (in xx.php) exec ("/usr/local/bin/zmu -m 2 -z", $ret); doesn't. From what I can tell it doesn't even enter the program. Permissions are 755. If I change the exec to ("ls") - works, date - works. I've compared "env" - nada. SafeMode = Off. Is there ?anything? else that might cause my problem?
Exec A Commandline Program
I made a topic about this before, but got one post helping, and nothing more, even though the post did not solve the problem. I need help uploading a file and sending it to a commandline windows executable. The program is called nconvert.exe, I will be uploading dds textures and converting them to bmp pictures, then immediately offering them back for download, not storing them on the server. The command to convert a file is this: nconvert -out bmp %1 %1 being the file passed to the executable.
Exec() Call To External Program
We are trying to use the exec() or system() calls in a php script. The program we are trying to call takes 1 parameter in the form of: email@domain.com[usercode] There are no spaces in the parameter at all and we have tried placing quotes around just to see if it mattered. We have also modified the parameter just to send it hello. Here is what we get: With no parameters the php script executes the program where it displays the error message from the program stating that not enough parameters were supplied. We then add the word "hello" to the end after a space so the command looks like this: command "hello" and the program no longer executes at all. No matter what we do, if we supply an argument to the command the php code will not execute the program.
Php Exec To C Program That Writes File
I'm trying to use the exec() call in php to run a program that I've written and compiled from C. This program attempts to create a new file and write data into it. If I simply run the program from the shell, it writes the file no problem. If I run the program through an exec call in a php script, however, the program executes but it seems to not have the correct permissions to be able to write the file.
Use Exec To Run The Program Directly From The Server.
I have an image manipulation program that is run from commandline, I have never used exec before and I'm scared to because I don't want to mess up my server or anything. Basically, I want people to be able to upload an image, then arrange for some manipulations to take place on the file in a temporary batch file, then use exec to run the program directly from the server. The program is called nconvert.exe, and the main thing I want to do is convert DDS textures into BMP files, the command, from Windows "cmd" is: nconvert -out bmp %1 %1 being the dds file to be manipulated. How would I go about doing the exec part? I know how to do the upload, but not the exec.
Exec Command Executing The Program In The Background
I am running XAMPP on my computer from apachefriends.org; it's an Apache server. This is the PHP script:
<html> <head> <?php exec ('notepad'); ?> </head> </html>
But when I execute the PHP script on my computer, notepad does not run. I used a process viewer and discovered that notepad is running in the background and I cannot see it. Does anyone know how NOT to make it run in the background? I want to see the notepad window on the Apache server (my computer).
Sending Data Form A Vb Program To A Mysql DB
Hello, as this falls under both VB and PHP I have posted this into two newsgroups (this is the first time I've done this so if it is mucked up then I'm sorry). Anyway I want to make some simple games in VB 6.0 and then I want the highscores to go to the server (which uses PHP and MySQL). And if it's possible I would also like the highscores to be viewable on the program AND on my site. PHP Part: I think I need to set MySQL up so it can be accessed from outside of the server, but I'm not sure.
Warning: Ftp_exec() [function.ftp-exec]: SITE EXEC Is An Unknown Extension
This is kind of a part II to a question I posted earlier about exec and shell_exec not working. I'm trying to use ftp_exec to execute some simple command:
$conn_id = ftp_connect("$server") or die ("Cannot initiate connection to host");
ftp_login($conn_id, "$username", "$userpass") or die("Cannot login");
$command = 'cd..';
if (ftp_exec($conn_id, $command)) { echo "$command executed successfully"; } else { echo "could not execute $command"; }
ftp_close($conn_id);
I'm getting the following error:
Warning: ftp_exec() [function.ftp-exec]: SITE EXEC is an unknown extension in /home/urieilam/public_html/work/video/test1.1.php on line 21
could not execute cd..
Have tried other commands as well, get the same. Could this be a security issue or something to do with p Safe Mode? I don't know much about commands, shell, etc..
Compiled Var Name
I've got a massive grid of checkboxes being submitted into a script, they are in the form of name[id] where there are lots of names and lots of id's. In my receiving script, I have every variable being created and assigned to a var, such as.. $var = "_POST['auth_read[52]']"; My question is, how can I revert this around to get the value of $_POST['auth_read[52]'].
As Cgi With Php 4.4.2 Compiled From Source
I am trying to use php 4.4.2 as a cgi scripting language. I am running a self-built linux distribution, with php 4.4.2 compiled from source. I am using the busybox web server, which doesn't have the ability to incorporate php as a module. The problem I am having is that php is insistent about sending X-Powered-By: PHP/4.4.2 Content-type: text/html at the start instead of HTTP/1.0 200 OK Content-type: text/plain Any way I can get php to quit doing what it's doing and do what I think it should be doing?
Compiled Php Programs
Is it possible to compile php source to create a binary? I am thinking along the lines of building an application for folks, but do not want them to have access to the source code. I like php and perl, but am not sure if there is a way to "secure" my programs if I use them.
PHP Compiled To Use MSSQL Required
I have a requirement where my database is in MSSQL and I have to use PHP and Apache to generate reports from it. I am good at PHP, that's why I want to go ahead with it. Will there be any problems if I use PHP with MSSQL and Apache? I have learnt that PHP has to be compiled with MSSQL support to use the mssql functions. Where can I get a compiled version of PHP for the same? Will the normal PHP available for download work with MSSQL as well?
[PHP4.3] Are Not-used Functions Compiled By PHP?
[concerning PHP4.3] I have an includefile that I (ahum) include in many scripts. It contains only functions I need now and then. Now I was wondering how things work behind the scenes. Is the whole file loaded and compiled/interpreted every time a php-file is used that includes this file? That would be an unwanted extra load for my server. If so, I should consider splitting up that file in some smaller files, but that is of course extra overhead for me. I have no idea how this works. Can anybody enlighten me?
Encryption Using With Nothing Special Compiled In
I have plain vanilla PHP (bcmath is the only thing special I'm aware of). I don't have mcrypt compiled in. Are there any functions that can be used for reversible encryption? (I have thought about how I would choose the key -- that isn't an issue.) I'm only interested in [reversibly] encrypting a 192-bit AES key that will be stored in a database. I'm not interested in encrypting large amounts of data.
Does Php.exe HAVE To Be Compiled To Support LDAP?
After reading what php.net has to say about enabling LDAP functionality, I'm a bit leery of trying to enable this w/o a few answers. I've uncommented the php.ini line for enabling LDAP extensions but phpinfo() still reports nothing about LDAP. Setup: Win2K3 Server; SQL Version: MYSQL (5.0.37-community-nt); PHP Version: 5.2.1 (apache2handler). 1) Does php.exe HAVE to be compiled to support LDAP or do I just need an extension enabled? 2) If indeed it does have to be compiled is there an easy way to acquire PHP with LDAP already compiled?
Uninstalling Compiled Php4 Install...
An old pet peeve of mine with *nix has reared its ugly head - the total lack of uninstall on compiled apps. After compiling php4 on debian, I've had some problems and would like to completely remove it. Make uninstall doesn't work, and I can't just go around removing the files as the various db's (locate, whereis, etc) won't be updated - and should I install a packaged version, it would be a disaster.
Compiled C-language CGI-BIN Programming With MySql
Because I have some heavy number-crunching scientific applications, I'd like to program using the C language, CGI-BIN, and with MySQL (using its C-language interface). Is there anything I should know? For example, when Apache runs a CGI-BIN, is there anything special about the environment (memory limits, etc.)? Is the paradigm I proposed workable?
Rotate Info Compiled From Mysql
I can collect up to date info from mysql tables and display them without any troubles on my page. However, it takes up a lot of space, so I would instead like to rotate the information, say 10 seconds for each section. Now, I'm able to use a javascript/scrolling script that I found to do this job for plain text and it parses php as well, but I can't seem to get it working when I'm querying the database.
Warning: Exec() [function.exec]:
I'm using PHP Version 5.0.4 in IIS5, Windows 2003. When I execute my script, it prompts me with the following error: Warning: exec() [function.exec]: Unable to fork [ping 10.8.1.70] in c:Inetpubwwwrootswitch.php on line 62 Below is my script: <?php $line1 = exec("ping 10.8.1.70", $output); exit; ?>
Securing
I have quite a large forum (14,000 users) based on php4 BSD and dedicated server, *problem* 3-4 times a week I'm having files deleted, i.e. index.php, and the sql back-up, I have full root access & my host hosts the mysql...if anyone has any tips on how I can secure my code & server I'd be very grateful, it's getting to be a **real** pain in the $£%£%£$£%!.
Securing Mysql
Hello, I would like to create a database to control all my passwords, is there anyone who can tell me the best way to secure a database in MySQL. I think I will use PHP and .htaccess to control the db but I'm not sure that MySQL is well protected to fight against external access.
Securing A Page
I have a secured folder on my web site which only the staff can view, under that folder there is a page which has some links. I am trying to secure one of the links so that only I can view that page. This is how I am doing it (this code goes on top of the page I am trying to secure):
if ($PHP_AUTH_USER != "somename" || $PHP_AUTH_PW != "somepassword"){ header('WWW-Authenticate: Basic realm="Customer Email Broadcast"'); header("HTTP/1.0 401 Unauthorized"); echo "<H2>Authorization needed to view this resource.</h2>"; die;}
But I can't get it to work because I think the browser is mixing this password with the secured folder password. Is there a better way to achieve this or am I doing something wrong?
Securing Variables...
I have been searching and searching for a fail proof method of securing my variables... I don't know if I have quite gotten there yet... I can use mysql_real_escape_string() to secure $var going into the DB. I can use stripslashes() for stuff coming out of the DB. What should I use to Secure $_POST and $_GET $vars until they get to the DB? Should I $var = addslashes($_GET['var']); or $var = htmlspecialchars($_GET['var'], ENT_QUOTES);. But I also should have a separate check for $vars like $id to make sure they are actually a #.
Securing Sessions
I am creating a login script that will use sessions. Since I am not dealing with very personal information or financial data, I think it is something a beginner (sort of) like myself can do. To prevent session hijacking I understand I should use a token with the session identifier. According to Chris Shiflett here http://shiflett.org/articles/session-hijacking , I should propagate the token differently than I do the session identifier. He recommends "propagating the session identifier as a cookie and the token as GET data".
Securing $_GET
Are there any tutorials on this? Basically, I want to make it so people can't type in the URL to delete a record and whatnot. Also, what are your thoughts on using $_SESSION instead of $_GET to navigate records? For example, use $_GET to set the session and use the session thereafter to do the queries.
Securing Script??
I need some help with making my site secure. Using php and mysql. I'm totally new to php and mysql but have been doing ok with it all so far. Apparently my site's scripts aren't secure and I have no idea where to start to fix this. Is there anyone out there who would be willing to take a look for me and help me fix this problem?
Securing A Site
I have my new CMS site up and now want to make sure that it is relatively secure. Is there a "rule of thumb" for how to set directories and files? Right now I have a lot of files that are set to 755/777 and I know they have to be changed but I'm not sure which ones and still allow the site to operate. I know that every site is different but I'm just looking for some general guidelines.
Securing My Code
So I am coming up to the end of a project now and almost everything works fine bar a few bugs here and there that I am ironing out. But now I am starting to prepare for packing it up to send off but I want to secure my code for obvious reasons. I am just wondering if some people can give me some good basic things I should have in my code to secure it. Things that I should include in my SQL code, functions, vars, if statements etc to ensure it's secure. I am not looking for big scripts or anything just some of the fundamental things that should be always done to secure it down.
Securing Some Code
I've been creating a script for a friend and was wondering whether or not this was perfectly secure. At another website they said it was but I'd like the opinions of a bunch of people. Code:
Securing A "
I am not in love with such tools; however it's a requirement so I will build mine! Aside checking for well formed URLs. I would like as a first level of security for the client's site checking a "link suggestion" against a list of well-known spammers/porn/gambler etc. I do not know where to start looking for.
Securing A Php File
I have a small php/mysql app. For that app I have a file called appglobals.php. In that file is a bunch of stuff, including variables used to define the user name and password for the mysql database. By including this appglobals.php file in all files that need access to the db, I only have to maintain the db info in 1 place. For security reasons I like to place my appglobals.php file one level above the site root. If the site root is "httpdocs" I like to put my appglobals.php one level above that directory. Normally this works fine, but my new web host doesn't allow files to be placed in the same location as "httpdocs." I could move my file into the root, but that's less secure. I can't put my file one level above the root, I'm wondering if anyone has suggestions as to what to do next. I have to put my file in the httpdocs directory, so what's the best way to secure the file there yet still make it available to my app?
Securing PHP On An IIS Server
I have installed php 4 on my development server (windows 2000 server, IIS 5) and it's all working fine. However I'm not a php developer (but am an asp.net developer) and I'm wondering what steps I should take to secure my php server running on IIS.
Securing Pages
I've created my own login system. I have all protected pages using sessions for security. If the session doesn't exist the user is directed to the login page. I just want to know if this method is recommended (or not) and if there is anything else I should be doing to secure the protected pages.
Securing Code
to secure my code from redistribution, my code has PHP and Javascript both in it. I know I can encrypt my php code with zend but never did that and also concern with my Javascript code as that will not be encrypted.
Securing E-mails
I have a form located on my site where the transmitted information needs to be secure (i.e. sensitive information). I am using the php mail() function through the SMTP server on Microsoft IIS 6.0 to deliver these messages to one specific e-mail address. I currently have SSL installed and located on the pages that house the forms however I need the email to be encrypted to the recipient and then for them to decrypt the information.
Securing Php Forum
I'm setting up a comments system on a site, with the comments stored in a mysql database. To prevent sql-injection, I run mysql_real_escape_string() on ingoing data. This should be enough to protect the database (tell me if otherwise), but I'd like to prevent people from posting Javascript and other malicious html.
PhpMyAdmin (securing My Computer)
I am worried about other people accessing my computer. Right now I am in config mode in the config.inc.php file. If I switch to HTTP mode, how do I set up .htaccess? I am a web/programmer newbie and I'm not sure where to start. I read through the howto about htaccess and got nowhere. From what I understand they said not to use htaccess if you don't have to.
Securing Images (what Method?)
I'm in the middle of quite a large project which allows my client to:
- create their own questionnaires (web forms)
- have people fill them in
- view the responses to the questionnaires in a report
- reports contain graphs which are images, most likely pngs

What I'm going to implement is a feature where a report is generated by taking a "snapshot" of the responses so far. So under any single report can be a number of snapshots. Fine. I have two reasons for using this snapshot idea:
- This way you won't have to wait around while the server generates a report. You only wait when creating a new snapshot. Graphs and report data that normally have to be dynamically generated can be cached.
- My client will be able to take several snapshots and see how the responses change over time.

Now my problem is that reports have to be private. They should only be accessible via an administrator password, that is hard coded into the application, and a guest password that will be stored in database, specific to each report (not to each snapshot). To achieve this I thought that each snapshot would actually be a PHP file prefixed with security checking code at the top and containing the report itself below which is only shown if the user is correct (I've done all this stuff before for the system extranet). This way I can secure the report file itself. But that leaves the issue of the images (graphs) that the report uses. It would still be possible just to request these with the correct URL. Basically the graphs for a snapshot have to be made private to the PHP file that shows that snapshot. So the only solutions I can think of for this problem are:
- Store the images as a BLOB in the database. This is not that desirable because there is a performance overhead doing this (which is one of the main reasons for having snapshots in the first place) and also it's quite complicated to do. But it would secure the application so it would in that sense WORK.
- Secure the folder with apache htaccess rules. I know you can restrict image downloads to certain referer URLs but that can be spoofed. Could I use HTTP authentication for this? Of course then PHP would have to do the authentication automatically. My knowledge on Apache is limited.
- Image filename (and thus URL) obfuscating / tokening. Not really that secure, or is it? I suppose I could store tokens for each image in the database. Thoughts?
- Storing images outside of document root. Would like to avoid this if possible.

Basically I'm not sure what to go for or if there are any other better ideas out there. Ultimately I'm on a tight deadline here so I need something that doesn't take too long to implement and certainly doesn't require me to learn something new.
Securing Php Scripts And Possible Cart
I'm placing a secure folder, for example http://www.domain.com/secure to be https://www.domain.com/secure. How would I do that? And how would I correctly use php scripts in that folder to process csr's and keys?
Problem Securing Web Services In PHP
I'm trying to get https to work for Web Services in PHP. I've installed PHP 5.0.5 with the following configuration line: ../configure --with-mysql=/usr/local/mysql --with-apxs=/usr/local/apache/bin/apxs --with-gd=/usr/local/src/ --with-gd --with-freetype-dir=/usr --enable-gd-native-ttf --enable-gd-imgstrttf --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-zlib --with-lib-xml --with-lib-xsl --enable-soap --with-open-ssl --with-curl=/usr/local/bin/curl --with-curlwrappers I'm able to open https streams with fopen, I've even connected to WSDLs with fopen and https. I'm able to open and use non-https web services with the SoapClient. I am unable to open any https web services with SoapClient. For example, trying to run this script: http://playground.jwscripts.com/php...dwords-api.phps results in a fatal exception on my server. Unfortunately I'm not at liberty to divulge the URL for the server. But, here is the (doctored) output: SoapFault exception: [HTTP] Could not connect to host in /usr/local/apache/sites/website.com/htdocs/soap/soaptestscript.php:39 Stack trace: #0 /usr/local/apache/sites/website.com/htdocs/soap/soaptestscript.php(39): SoapClient->__doRequest('__soapCall('estimateKeyword...', Array, NULL, Array) #2 {main}