Php/web Programming Noob/running Executables

[QuoVadis]

Hi all. First post in these forums. I am an experienced C/C++/Java/C# programmer but have never done any web development. I have a pretty basic question about running executables on a server via php. I gather this is not a good idea, basically. I have some (large-ish) programs written in C that I would like to execute and get the results into a browser. Is there a 'safe' way of doing this? I would really rather not reimplement my programs in php if I can possibly avoid that.

[trq]

If they are programs that can be invoked via some form of shell you can use one of the exec family of functions.

 

Otherwise, if they are written in C, you might like to turn them into PHP extensions (though this will be a fair bit more work).

[QuoVadis]

Thanks for your prompt reply. As I understand from my currently limited knowledge, there are potential security issues with using the exec() functions? That's the bit I am concerned about.

 

Cheers

[QuoVadis]

Thinking about this some more, it could be that the problem exists when you allow users to enter the filename of the exe in a form. That wasn't what I intended doing but I can see how that would be a massive issue.

[DavidAM]

If the executable name or any parameters that will be passed are supplied by the user, then you have potential security issues. You must validate all user supplied data to make sure it is expected and acceptable.

 

Keep in mind that your hosting provider may put restrictions on you that either prevent running executables, or require them to be in a "safe directory" or limit the CPU or memory resource usage.