Posted by Steve on 10/07/05 00:10

> Unfortunately that is not the case. The provider does not allow
> storage outside of the docroot, else, that would of course solve
> everything as all of the TCL scripts would work outside of the docroot
> in that case.

Fair enough. Making this setup more secure must depend on where you
think the threat is coming from and how likely further exploits are.

If your hacked script was exploited randomly from the web with no
internal knowledge of how the form data would be used, you could just
use something simple like a password on the command line. That could
only be exploited by someone on the same server spying on ps (for
example.) I'm not sure you have really got to the bottom of how your
script got exploited so effectively to the extent that a payload was
delivered to your filesystem and executed (is that what happened?)

So I would recommend setting up a shared secret for both scripts. Pass
whatever arguments are required in clear on the command line plus a
hashed* combination of all the arguments and your password. The tcl
script should recreate this value and compare it with the passed
argument, rejecting the whole request if it doesn't match.

I can offer the PHP side, over to comp.lang.tcl for the other end...

$secret = "I like cheese";
$args = "$arg1 $arg2 $arg3 ";
$hash = md5( $args . $secret );

exec( "/path/to/tclscript $args $hash", $result );


*Yes, I know md5() could be compromised but, really, life is too
short...

---
Steve

[Back to original message]