December 2010
Intermediate to advanced
363 pages
12h 21m
English
book
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
by Chris Snyder, Michael Southwell, Thomas Myer
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Summary
In this chapter, we have explored the difficult problem of permitting safe execution of potentially dangerous system commands. There are two ways in which such commands could be dangerous: They could require deep root-level access to the system, or they could be resource-intensive.
Both of these types of dangerous commands can be made safe by forcing the unprivileged webserver user to transfer the dangerous process over to a more privileged user for execution only if and when it is approved.
Remote procedure calls, messages sent from one computer to another requesting some sort of web services, can also represent a potential threat to the safety and security of your server and your applications.
After describing what web services are, ...