we use php 4.1 on windows server 2003
we need to execute some exe-file with popen() function or exec_shell()
function of php
this is only running, if the IUSR_ has execute permission on cmd.exe and the
exe file to execute

is it only working this way? giving execute permission to cmd.exe ?
this would be a "no go" in point of security
any other tipp, how to execute safe exe files with php  or asp ?

thankx for any tipp

mike schwarz

[ Post a follow-up to this message ]

On Tue, 21 Jun 2005 16:47:52 +0200, "Mike Schwarz" <ctek@ctek.ch>
wrote:

>we use php 4.1 on windows server 2003
>we need to execute some exe-file with popen() function or exec_shell()
>function of php
>this is only running, if the IUSR_ has execute permission on cmd.exe and th
e
>exe file to execute
>
>is it only working this way? giving execute permission to cmd.exe ?
>this would be a "no go" in point of security
>any other tipp, how to execute safe exe files with php  or asp ?

Execute where, server or client?  Anytime you use Exec_Shell you are
opening a shell command environment, so the user needs access to
CMD.EXE.  You could execute under a different account, depending on
your code, but a command shell is a command shell.

Jeff

[ Post a follow-up to this message ]