www-data execute iptables
Hi all,
I have a biiig question for you guys. What's safer, to give www-data root permissions to iptables to execute some rules or to give www-data root permossions to a script made by me, that executes the rule and recives the ip from the page? Or do you have another safer ideas for doing that? (Perl, CGI, etc.) All i want is to execute an iptables rule from php. Thanks, Mihai |
If any part of the data is being submitted or sent by a webpage check your data very, very carefully check the data to make sure it is what you're looking for and only what you're looking for.
I'd be more inclined to write out a text file with just the 'variable' information in it and have a cron'd script read the file, validate the data, and execute the iptables command if necessary (and that has nothing to do with php, perl, or cgi... it' just a bit safer imo then letting a webapp call a system utility directly.) |
Quote:
|
All times are GMT -5. The time now is 07:24 AM. |