|
|
Posted by Richard Lynch on 10/04/78 11:10
> I'm really not sure what you're asking here. I've created a limited
> access user account on a remote host so that I can kick off some things
> on the remote host by hitting a web page. Access to the web page is
> protected via SSL and user authentication. The things which are
> executed on the remote host are special purpose programs I am building,
> not general commands, and no place does the web page provide a user
> direct control over what programs are run.
Your setup now:
Server A: Authenticates User SSL -> runs PHP -> runs su -> runs SSH to
Server B
Server B: Authenticates User SSH -> runs command
My sugggested solution:
Server A: Authenticates User SSL -> runs cURL -> Server B
Server B: Authenticates User SSL -> runs PHP -> runs command
IE:
*MOVE* your PHP script that runs the command to Server B.
Use SSL on both A and B
Use cURL from A to B to authenticate.
B runs PHP which runs command.
You've taken out all the su and SSH stuff between A and B with no real
loss of Security.
You already know how to do everything in my suggested solution, except
maybe cURL, which would take you an hour to figure out, max.
I guarantee you that if you do this, you'll have a lot less headaches, now
and in the future, and a lot cleaner/clearer code-base.
Maybe having the PHP script on Server B is impossible. That's the only
reason *not* to do it this way.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|