On Fri, Sep 13, 2013 at 10:31 PM, Jean-Michel Pichavant <jeanmic...@sequans.com> wrote: > ----- Original Message ----- >> I would use something like fabric to automatically login to hosts via >> ssh then parse the data myself to generate static HTML pages in a >> document root. >> >> Having a web app execute remote commands on a server is so wrong in >> many ways. > > Such as ?
It depends exactly _how_ it's able to execute remote commands. If it can telnet in as a fairly-privileged user and transmit arbitrary strings to be executed, then any compromise of the web server becomes a complete takedown of the back-end server. You're basically circumventing the protection that most web servers employ, that of running in a highly permissions-restricted user. On the other hand, if the "execute remote commands" part is done by connecting to a shell that executes its own choice of command safely, then you're not forfeiting anything. Suppose you make this the login shell for the user foo@some-computer: #!/bin/sh head -4 /proc/meminfo You can then telnet to that user to find out how much RAM that computer has free. It's telnet, it's executing a command on the remote server... but it's safe. (For something like this, I'd be inclined to run a specific "memory usage daemon" that takes connections on some higher port, rather than having it look like a shell, but this is a viable demo.) I've done things like this before, though using SSH rather than TELNET. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
