I wanted to setup a server wherein my clients can edit Apache aliases via PHP script so they don't need to have the root account. All they need to do is edit the aliases via browser.
How can I accomplish such task with PHP?
In order to avoid a security nightmare, you need to have a strict wall of separation between user input and your backend processing. This is important when inserting data into a database; it is even more important when editing important files such as Apache configs.
If you absolutely must do this, the best way is to create two separate processes: the first is the customer-facing side. This will require:
On the back end, you will create a process (perhaps running via cron) which will read the data from the database and re-create the vhost. This process should be inaccessible to the user.
Validation will be the most important part of this entire process. If you allow your users to insert unfiltered or poorly filtered data into your Apache configs, expect bad things to happen.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.