[nycphp-talk] shell_exec security pitfalls?
Dell Sala
dell at sala.ca
Wed Jul 18 21:20:55 EDT 2007
Hi all,
I'm doing some research on using GPG from PHP to encrypt sensitive
data that will be stored server-side. I came across an old but good
article:
http://devzone.zend.com/article/1265-Encryption-and-Decryption-using-
PHP-and-GnuPG
Decryption example from article:
> $gpg = '/usr/bin/gpg';
> $passphrase = 'My secret pass phrase.';
> $encrypted_file = 'foo.gpg';
> $unencrypted_file = 'foo.txt';
> echo shell_exec("echo $passphrase | $gpg --passphrase-fd 0
> -o $unencrypted_file -d $encrypted_file");
They did mention one pitfall related to using shell_exec:
http://devzone.zend.com/article/1265-Encryption-and-Decryption-using-
PHP-and-GnuPG#Heading7
Quoted from the article:
> A second pitfall is in the use of PHP's shell_exec() statement.
> Since you are executing a shell command the passphrase is available
> for all to see due to having to echo it.
How is it available for all to see? Are all shell commands called
from PHP logged somewhere public? This didn't seem right to me, but
maybe I'm missing something. Anyone know what they mean by "available
for all to see"? Thanks!
-- Dell
More information about the talk
mailing list