Answer the question
In order to leave comments, you need to log in
How to safely execute a command on another server?
There is a task to execute one command on the server, but with different parameters that are formed on another server.
There are suspicions that exec($_GET['command']); bad idea))
The second thought is to break the command parameters into components and transfer them separately, then escape, assemble into a command, and then execute.
At the same time, the possibility of hacking or open source of the former is allowed.
The task is to prevent an attacker, knowing the source code of the receiving script, from executing anything on the receiving server other than the initially executed command.
There are two questions:
1) If we break it into separate parameters, then what needs to be escaped in the incoming data so that the injection does not work (we end the command, for example | with this character and write anything in continuation)
2) Maybe there is an alternative way to safely execute commands from one server to another? (Certificates, keys or other magic)
Answer the question
In order to leave comments, you need to log in
I would use a chip with a check-sum of the line, as with payments. open code of the command (can be sewn in base64) and a separate hash variable. and on the receiving side, look at the correct hash or not.
You can form a command on the first server and run it entirely via ssh, logging in with a key.
Servers are connected in one locale?
If yes, then via ssh.
For example, my cron task hangs from one server to another:
@reboot ssh 192.168.1.1 'mysqladmin flush-hosts -pkWz46ezyRc' >/dev/null 2>&1
where 192.168.1.1 is the local IP of another server where to execute the command mysqladmin flush- hosts
Yes, even if they are not connected, then in the same way with a password, and so on. And on that server, open access from the IP of another server for ssh
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question