More safely maybe, but even that solution could be exploited somewhat
easily. The script that writes the file would be better off as a CGI
than executed through the Apache module, this would allow you to
restrict write access to the directory where the file that triggers the
restart is stored to the owner of the script, you could then further
restrict access to this script through .htccess or other means. If you
make a file trigger a cronned job to restart the server if you are using
mod_php the directory must be writable to the user the web server runs
as which means that anyone who can execute php code through the
webserver can trigger a server restart by writing the file, you could
even cron it to write the file every minute effectively shutting the
server down (whether it be web or the actual system itself).
Doing something like this takes a lot of thought, it can be made
difficult to exploit but you need to do more than just make a cron
pickup a file, excellent starting place though.
Jason
Dan Anderson wrote:
Search the archives. Somebody wanted to restart their server using a
web page, and a clever solution was pointed out. By creating a script
that monitored for a particular file in temp and restarted the server if
it existed it, and cronning it for every minute, they could do it safely
and securely.
-Dan
On Tue, 2003-09-02 at 12:19, Joe Harman wrote:
Hey guys & gals...
Is there a way to restart Apache with a PHP command?
Joe Harman
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
