ozefrog
June 23rd, 2006, 11:28
I would like to know how secure the follow procedure to execute a command as root would be, and if any mods could be made to better it, or if a better procedure to do this exists?:
Connect to an SSL enabled website which requires login authentication against an SQL database.
Input and store root password in PHP session information. (some form of encoding)
When command is required to be run by the logged in user, the root password is passed to shellscript on the server.
The shellscript fires off the command using sudo.
Yes, I am aware running root commands from anything other than the console is insecure. How secure would this method be if it wasn't stored in the session information?
Thanks.
Connect to an SSL enabled website which requires login authentication against an SQL database.
Input and store root password in PHP session information. (some form of encoding)
When command is required to be run by the logged in user, the root password is passed to shellscript on the server.
The shellscript fires off the command using sudo.
Yes, I am aware running root commands from anything other than the console is insecure. How secure would this method be if it wasn't stored in the session information?
Thanks.