Safely using exec with PHP to run ffmpeg

I would like to run ffmpeg from PHP for video encoding purposes.

I was thinking about using exec or passthru commands. However, I was warned that the inclusion of these features is a security risk. According to my support staff:

The 'disable_functions' directive is used to disable any functions that allow system commands to be executed. This is for more server security. These PHP functions can be used to hack a server if they are not used properly.

I assume that if exec is enabled, then someone can (possibly) execute an arbitrary unix command. Does anyone know a safe way to run ffmpeg from PHP?

By the way, I'm on a dedicated server. Thanks in advance!

+3
2 answers

exec per se does not pose any more of a security risk than you typing at a secure terminal.

Think of it this way: if you were to list the contents of a directory like this

exec( 'ls /foo/bar' );

no matter what your user sent to your PHP script, he would only list the specified directory.

As long as you carefully sanitize any input from the user and refrain from displaying confidential information, you should be fine.

Use the following methods to sanitize input before running it on the command line:

+7
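
An added example, not part of the answer above: one way to run ffmpeg through exec with user-supplied file names, using PHP's escapeshellarg together with path and name validation. The directories, the ffmpeg path, the request field names and the helper build_ffmpeg_command are assumptions.

```php
<?php
// Added example; paths, field names and the ffmpeg location are assumptions.
const FFMPEG_BIN = '/usr/bin/ffmpeg';     // assumed install path
const UPLOAD_DIR = '/var/media/uploads';  // assumed canonical path (no symlinks) for uploads
const OUTPUT_DIR = '/var/media/encoded';  // assumed directory for encoded results

/**
 * Build the ffmpeg command line for one upload (hypothetical helper).
 * Throws if the input is outside UPLOAD_DIR or the output name is not plain.
 */
function build_ffmpeg_command(string $uploadedName, string $outputName): string
{
    // Resolve symlinks and "../" first, then require the result to sit inside UPLOAD_DIR.
    $input = realpath(UPLOAD_DIR . '/' . $uploadedName);
    if ($input === false || strpos($input, UPLOAD_DIR . '/') !== 0 || !is_file($input)) {
        throw new InvalidArgumentException('input file not found in upload directory');
    }

    // Allowlist the output name and extension. The first character class excludes "-",
    // so the name can never be read as an option; escapeshellarg alone does not prevent that.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9_-]{0,63}\.(mp4|webm)\z/', $outputName)) {
        throw new InvalidArgumentException('output name not allowed');
    }
    $output = OUTPUT_DIR . '/' . $outputName;

    // Fixed program and flags; only the two validated paths vary, each quoted for the shell.
    return FFMPEG_BIN . ' -nostdin -n -i ' . escapeshellarg($input)
         . ' ' . escapeshellarg($output) . ' 2>&1';
}

try {
    // Constructed fallback values stand in for a real request.
    $cmd = build_ffmpeg_command($_POST['file'] ?? 'clip.mov', $_POST['out'] ?? 'clip.mp4');
    exec($cmd, $lines, $status);
    if ($status !== 0) {
        error_log('ffmpeg failed: ' . implode("\n", $lines)); // log it, do not echo to the user
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
}
```

Both paths passed to ffmpeg are absolute, so neither can begin with "-", and the command string never contains user text outside the escapeshellarg quotes.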
0

Source: https://habr.com/ru/post/1710734/

