PHPDeveloper.org: PHPBuilder.com: Mitigate the Security Risks of PHP System Command Execution

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

PHPMaster.com: Zend Job Queue

Rob Diana's Blog: Web And Scripting Programming Language Job Trends - August 2011

Job Posting: Options Consulting Solutions Seeks PHP Developer Team Lead (Toronto, Canada)

Job Posting: FireScope Seeks Experienced Web Application Developer/Manager (Dallas, TX)

Kevin Schroeder's Blog: Added (PHP 5.3) job queuing to my WordPress instance

Job Posting: Jacob Group (Recruiter) Seeks Director of Software Development (Lacrosse, WI)

Job Posting: Skillshare Seeks Senior Frontend Engineer (New York, NY)

Job Posting: SoftLayer Seeks Software Engineer - Interface Development (Dallas, Tx)

Job Posting: Company Confidential Seeks Senior PHP Developer (Montreal, Quebec, Canada)

Job Posting: SoftLayer Seeks Software Engineer - Systems Development (Dallas, Tx)

News Archive

Refulz.com: CakePHP evolves to 2.0

Ed Finkler's Blog: The MicroPHP Follow-up FAQ

Rob Allen's Blog: One-to-Many Joins with Zend_Db_Table_Select

Gonzalo Ayuso's Blog: How to protect from SQL Injection with PHP

Community News: Latest Releases from PHPClasses.org

Kurt Payne's Blog: User register_tick_function to profile your code

Chris Hartjes' Blog: How Not to Suck at PHP

PHPMaster.com: Under the Hood of Yii's Component Architecture, Part 2

NetTuts.com: Turbocharge your Website with Memcached

Brandon Savage's Blog: New Rockville PHP Group

PHPBuilder.com:
Mitigate the Security Risks of PHP System Command Execution

by Chris Cornutt January 29, 2010 @ 09:47:19

PHPBuilder.com has a new article from Jason Gilmore on security in command-line applications posted today and what you can do to help protect your scripts from unwanted system command access.

In this tutorial, I'll show you how to securely execute a variety of system-based commands via a PHP script, demonstrating how to build web applications that can tightly integrate with both the operating system and third-party software.

He mentions the proper filtering of input strings (user input), how it can protect your and your application as well as a few examples of using the PHP execution functions (like exec or passthru) and how to apply the shell escaping commands (like escapeshellarg) as a first layer of security.

0 comments voice your opinion now!
system command execution security escape filter

Community Events

Don't see your event here?
Let us know!

All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework