Quote:
Originally Posted by demia
can you explain a little more "route the command through a CGI or implement checks otherwise" ? (..) only main website can execute commands, no other.
Think about it this way: what is it exactly that keeps me, as an unauthorized user, from executing the command in the webserver and the application? What is it exactly that keeps me, as an authorized user, from executing the command in the webserver and the application on any mounted partition?
In terms of restrictions and checks this should be a combination of only allowing certain IP addresses or maintenance ranges access to this part of the webserver, a separate account with a strong passphrase for only certain admin tasks, using HTTPS, narrowing the amount of mountpoints to be selected as umountable. Logging access to this part of the webserver and commands run would be beneficial for recordkeeping.
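An added example, not part of the original post: a sketch of the checks listed above as they might sit in front of the umount call in a CGI handler. The network range, account name and mountpoints are constructed placeholders, and it assumes the web server sets `HTTPS`, `REMOTE_ADDR` and `REMOTE_USER` in the CGI environment (as Apache does with mod_ssl and HTTP authentication).

```python
import ipaddress
import logging

# Constructed values for illustration; replace with your own.
ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/28")]   # maintenance range
ADMIN_USERS = {"umount-admin"}                        # dedicated admin account
UMOUNTABLE = {"/mnt/backup", "/mnt/usb0"}             # fixed allow-list of mountpoints

log = logging.getLogger("umount-cgi")

def check_request(env, mountpoint):
    """Return (allowed, reason) for a CGI environment dict and a requested mountpoint."""
    if env.get("HTTPS", "").lower() != "on":
        return False, "not HTTPS"
    try:
        addr = ipaddress.ip_address(env.get("REMOTE_ADDR", ""))
    except ValueError:
        return False, "bad client address"
    if not any(addr in net for net in ADMIN_NETS):
        return False, "client address not in maintenance range"
    if env.get("REMOTE_USER") not in ADMIN_USERS:
        return False, "not the admin account"
    # Exact string match only: anything needing normalisation ("..", trailing
    # slash, relative path) is refused rather than cleaned up.
    if mountpoint not in UMOUNTABLE:
        return False, "mountpoint not in allow-list"
    return True, "ok"

def handle(env, mountpoint):
    """Log every decision; return the argv to execute, or None if refused."""
    allowed, reason = check_request(env, mountpoint)
    log.info("umount request addr=%s user=%s target=%r allowed=%s reason=%s",
             env.get("REMOTE_ADDR"), env.get("REMOTE_USER"),
             mountpoint, allowed, reason)
    if not allowed:
        return None
    # An argv list for subprocess.run(), never a shell string, so the
    # mountpoint cannot be reinterpreted by a shell.
    return ["umount", mountpoint]
```

The same address and account restrictions belong in the web server configuration as well, so that a request failing them never reaches the script.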