||07-27-2011 08:50 AM
Originally Posted by MetaMan
All I wanted to be able to do was stop a daemon (One command!). I know I could do this with, say, ssh, but I wanted to be able to do is access it from an Android phone. Plus, I don't plan on opening the server to the outside world. Plus plus, I would set up something in the .htaccess file (Or something like that) to password protect the page.
Is it still dangerous?
Again, yes. ANYTIME you execute a script from a web page, you open a potential avenue into your system. roastinghosting summed it up well. It doesn't matter if it's one command, twelve commands, or 64 different scripts called one at a time...the potential risk is there.
Again, yes, you CAN do it. You could write it in Perl, and shove it into your cgi-bin directory, and have the program itself prompt you for a password that's unique, before the process is killed/restarted. That way, you can save a link to the perl script itself (easier to run), and still have it protected (only YOU will know the password to it). Still a BIT unsafe, but possible. Personally, since it's an internal application (assuming you're on a VPN or something similar), I'd invest the $1.99 on an SSH client for your phone, and do a keyswap between it and your server. If this process dies/needs to be restarted on a regular basis, I'd probably set up a user just for that, and put something in the .bashrc that would kill/restart it on login.