I would like to know how secure the follow procedure to execute a command as root would be, and if any mods could be made to better it, or if a better procedure to do this exists?:
Yes, I am aware running root commands from anything other than the console is insecure. How secure would this method be if it wasn't stored in the session information?
Thanks.
- Connect to an SSL enabled website which requires login authentication against an SQL database.
- Input and store root password in PHP session information. (some form of encoding)
- When command is required to be run by the logged in user, the root password is passed to shellscript on the server.
- The shellscript fires off the command using sudo.
Yes, I am aware running root commands from anything other than the console is insecure. How secure would this method be if it wasn't stored in the session information?
Thanks.
