N
Norman ELton
Hello,
I am getting started on a project where a central server communicates
with nodes across a network. The central server will be written in
PHP, since most of it will be accessible over the web. The nodes are
not accessible to the end user, so I don't really care what they're
written in, but unfortunately, they need to be able to execute
programs as root.
I figured perl would be a good tool for the nodes, since it's
available on most linux boxes. I realize that running a root daemon is
risky business. What are good strategies to prevent the nodes from
being... misused? For instance, what's a good way to authenticate the
server and the node?
I searched for strategies relating to perl running as root, but didn't
come up with anything conclusive, other than the obvious, don't trust
ANY input. Validate everything.
Any other ideas?
Thanks,
Norman
I am getting started on a project where a central server communicates
with nodes across a network. The central server will be written in
PHP, since most of it will be accessible over the web. The nodes are
not accessible to the end user, so I don't really care what they're
written in, but unfortunately, they need to be able to execute
programs as root.
I figured perl would be a good tool for the nodes, since it's
available on most linux boxes. I realize that running a root daemon is
risky business. What are good strategies to prevent the nodes from
being... misused? For instance, what's a good way to authenticate the
server and the node?
I searched for strategies relating to perl running as root, but didn't
come up with anything conclusive, other than the obvious, don't trust
ANY input. Validate everything.
Any other ideas?
Thanks,
Norman