Is using shell commands from bad PHP / CGI practice?

Question

Is using shell commands from bad PHP / CGI practice?

Are shell commands justified by a legitimate software interface? In particular, is there something wrong with running bash shell commands on a linux application server from PHP pages or CGI files? Does this mean a question of efficiency or safety?

thanks

+4

linux bash php shell shell-exec

Yarin Dec 26 '10 at 23:38

source share

2 answers

If there is no secure application and server,

0

Teson Dec 26 '10 at 23:42

source share

Digitaloss · Accepted Answer · 2010-12-26T23:44:22+0000

Sometimes OK, but ...

Sometimes this is the best way to solve a problem.

But the following problems are possible:

Security

Watch out for code injection if you are not performing a taint check .

Performance

Running shell commands will include a forking PHP interpreter and making complex and relatively slow system calls . This is normal for a lightly loaded server, but will not work for a busy site.

Synchronization

Ensuring that everything happens in the correct order avoids known issues called lost updates, dirty reads, and incorrect summaries. Although shell commands alone are not the cause of any of these things, running them asynchronously and increasing the complexity of your system will make analysis difficult.

Is using shell commands from bad PHP / CGI practice?

Sometimes OK, but ...

More articles: