stratius-webmaster
09-27-2000, 06:57 AM
Recently I've seen a lot of companies using a PHP solution for control panels, and I have toyed with the idea for about 6 months now. Every way I have tried to make the changes that are needed for a control panel seems absolutely insecure to me. Is there something I'm missing, or is it that all these companies are using really insecure PHP scripts just because it makes the customer's life easier? If it truly is secure I would love to see some code snippets just so I can ease my curious mind. I know people are really protective of their code, especially if it is something as useful as this, but it's not like I'm asking for the whole script or anything. I am just wondering how changes like this are made without putting the server security at risk.
I imagine some are doing it through cron jobs.
Félix C.Courtemanche
09-27-2000, 03:12 PM
Do it safely, always.
It's not hard...
use:
ereg() and verify EVERY input from your users; make sure EVERYTHING is compatible and works, can't bug down the server
use encryption and a database backend...
update your system with the latest changes every minute or so from cron, running the PHP script that updates as root.
That way no need to have Apache running as root (which isn't a good idea)
Verify your customer's identity ALL the time, before ANY modification. Verify any input data, etc.
Tell me... how will someone go around that?
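The approach described in the post above (check every input, queue changes in a database, apply them from a root cron job), as an added example that is not part of the original thread. It uses preg_match() because ereg() was removed in PHP 7.0; the action names, field names and tool paths are assumptions, and the queue rows are constructed sample data.

```php
<?php
declare(strict_types=1);

// Allowlist: action => hypothetical system tool plus one anchored pattern per field.
// \A and \z are used instead of ^ and $ because $ also matches before a trailing newline.
const ACTIONS = [
    'add_domain' => [
        'tool'   => '/usr/local/sbin/cp-add-domain',
        'fields' => [
            'user'   => '/\A[a-z][a-z0-9]{2,15}\z/',
            'domain' => '/\A(?=.{4,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\z/',
        ],
    ],
    'set_quota' => [
        'tool'   => '/usr/local/sbin/cp-set-quota',
        'fields' => ['user' => '/\A[a-z][a-z0-9]{2,15}\z/', 'mb' => '/\A[1-9][0-9]{0,4}\z/'],
    ],
];

/** Root-side check: returns an argv array for a valid row, or null to reject it. */
function buildCommand(array $row): ?array
{
    $action = $row['action'] ?? null;
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return null;                       // unknown action: never guess
    }
    $argv = [ACTIONS[$action]['tool']];
    foreach (ACTIONS[$action]['fields'] as $name => $pattern) {
        $value = $row[$name] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            return null;                   // missing, wrong type, or bad format
        }
        $argv[] = $value;
    }
    return $argv;  // pass as an array to proc_open() (PHP 7.4+) so no shell is involved
}

// Constructed rows, as the unprivileged web tier might have queued them.
$queue = [
    ['action' => 'add_domain', 'user' => 'alice', 'domain' => 'example.org'],
    ['action' => 'add_domain', 'user' => 'bob', 'domain' => 'example.org; id'],
    ['action' => 'set_quota', 'user' => 'alice', 'mb' => "500\n"],
    ['action' => 'drop_table', 'user' => 'alice'],
];
foreach ($queue as $i => $row) {
    $argv = buildCommand($row);
    echo $i, ': ', $argv === null ? 'REJECTED' : 'would run ' . json_encode($argv, JSON_UNESCAPED_SLASHES), "\n";
}
```

Only row 0 is accepted. The web tier needs nothing more than insert rights on the queue table, and the root job re-validates every row instead of trusting what the web tier wrote.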
platformis
05-27-2003, 07:25 AM
I have no idea how others are doing this,
but I can tell you how we do it :))
GUI (PHP scripts) -> System Service (C Daemon) listening on specific port -> System Tools (perl/C/Bash/Awk scripts)
On this base everything is executed in
'Real Time' ;)
I hope this will help you.
heyzuess
05-27-2003, 06:28 PM
Originally posted by platformis
I have no idea how others are doing this,
but I can tell you how we do it :))
GUI (PHP scripts) -> System Service (C Daemon) listening on specific port -> System Tools (perl/C/Bash/Awk scripts)
On this base everything is executed in
'Real Time' ;)
I hope this will help you.
I started working on a game server control panel and used the same type of setup, except using Perl for the daemon, as I don't know C.
;)