Exec functions (using securely)

pjsmith

To prevent various exploits, permissions for various files on my windows server are tied down. cmd.exe for example, cannot be accessed by the IIS anonymous account. By the amount of attempts we get, this absolutley has to stay this way. Unfortunately, these restrictions seem to prevent the php4 exex functions working. Most of the restrictions were put in place by the IIS lockdown tool.

Is there anyway to allow the exec functions for work whilst keeping the system secure?

Thanks

phobos

try these; If you are going to allow data coming from user input to be passed to this function, then you should be using escapeshellarg() or escapeshellcmd() to make sure that users cannot trick the system into executing arbitrary commands.

http://www.php.net/manual/en/function.escapeshellarg.php