From the course: PHP: Creating Secure Websites

Remote system execution

- [Instructor] In this movie, we'll learn to protect our PHP code from the most powerful attack of all, remote system execution. Remote system execution is when an attacker gains the ability to run operating system commands on the web server. If they have that ability, they can run any command that the underlying operating system knows how to run. It's the most powerful hack. Fortunately, it's also typically the hardest one to achieve, unless you open up a security hole that allows it. PHP's system execution functions are what allow code to access the underlying operating system. There are several of them. There's exec, passthru, popen, proc_open, shell_exec, the backtick, and then system. These are powerful commands that break out of PHP to use features of the operating system. Using any one of them is considered a security red flag. The easiest way to stay safe is to avoid using system execution functions at all.…
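
An added example (not part of the course material): a small PHP scanner that uses the tokenizer to flag the system execution functions listed above, including the backtick operator, so they can be found during code review. The function name `findSystemExecution` and the sample source are constructed for illustration.

```php
<?php
// Added example, not course code: flag PHP system execution calls in source text.
const EXEC_FUNCTIONS = ['exec', 'passthru', 'popen', 'proc_open', 'shell_exec', 'system'];

function isTrivia($tok): bool
{
    return is_array($tok) && in_array($tok[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
}

function findSystemExecution(string $source): array
{
    $tokens = token_get_all($source);
    $findings = [];
    $line = 1;            // current line, kept for single-character tokens
    $prev = '';           // text of the previous significant token
    $inBacktick = false;
    foreach ($tokens as $i => $tok) {
        $text = is_array($tok) ? $tok[1] : $tok;
        $kind = is_array($tok) ? token_name($tok[0]) : '';
        $line = is_array($tok) ? $tok[2] : $line;
        if ($text === '`') {
            // The backtick operator opens and closes with the same token.
            if (!$inBacktick) {
                $findings[] = ['line' => $line, 'construct' => 'backtick operator'];
            }
            $inBacktick = !$inBacktick;
        } elseif (in_array($kind, ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)
            && in_array(strtolower(ltrim($text, '\\')), EXEC_FUNCTIONS, true)
            && !in_array(strtolower($prev), ['->', '?->', '::', 'function', 'new'], true)) {
            // Only a name followed by "(" is a call; skip whitespace and comments.
            for ($j = $i + 1; $j < count($tokens) && isTrivia($tokens[$j]); $j++);
            if ($j < count($tokens) && $tokens[$j] === '(') {
                $findings[] = ['line' => $line, 'construct' => ltrim($text, '\\') . '()'];
            }
        }
        if (!isTrivia($tok)) { $prev = $text; }
        if (is_array($tok)) { $line += substr_count($text, "\n"); }
    }
    return $findings;
}

// Constructed sample source: three real uses, one method call, one plain string.
$sample = <<<'PHP'
<?php
$out = shell_exec('uptime');
$report->exec($query);
$listing = `ls -l`;
\system('date');
$label = 'system';
PHP;
foreach (findSystemExecution($sample) as $f) { echo "line {$f['line']}: {$f['construct']}\n"; }
```

Calls made through a variable function name or `call_user_func` are not visible to this token-level check.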
