Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
b)The Linux API (below the C library)?
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
Thanks. 17 1525
David T. Ashley wrote:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
b)The Linux API (below the C library)?
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
Thanks.
I don't know Linux resources but have you tried PHP.net? http://www.php.net/manual/en/function.popen.php
David T. Ashley wrote:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
b)The Linux API (below the C library)?
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
Thanks.
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.
As for using pipes - if you've never used them before, you're going to
need to do a fair amount of reading. The api's aren't complicated, but
handling errors without hanging can sometimes be tricky.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
David T. Ashley wrote:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().
If you have a working program already, chances are you can just pipe
data into it and get stuff back out.
"Chung Leong" <ch***********@hotmail.comwrites:
David T. Ashley wrote:
>On a Linux platform, I have the need to call a compiled 'C' program from a PHP script (to do some special authentication), and to keep the information passed from the PHP script to the compiled 'C' program secret, i.e. the information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
The standard C library does not include support for pipes (unless you
count the handling of stdin and stdout, but that requires some
external process to set up the pipe).
There are functions under Unix-like systems, including Linux, for
creating and manipulating pipes, but questions about them are
off-topic in comp.lang.c.
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().
Never use gets(). It makes it practically impossible to avoid buffer
overflows. fgets() is a safe alternative.
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Hq******************************@comcast.com. ..
>
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.
It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.
Dave.
David T. Ashley wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Hq******************************@comcast.com. ..
>>I guess I don't understand the problem with passing it in the command line. If it's a process-to-process communication, it won't be visible anyway.
It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.
Dave.
For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).
But who's going to have ssh/telnet access to the system? And how long
is the program going to run?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Jerry Stuckle wrote:
For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).
But who's going to have ssh/telnet access to the system? And how long
is the program going to run?
A simple script could save the command line argument in a
evil.example.org server (it's very hard to hide it but it could be
inserted in other program or simply replace it).
I suggest to use encrypted environment variables or simple environment
variables for a lower security level.
Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
Extract from man gets
BUGS
Never use gets(). Because it is impossible to tell without
knowing the data in advance how
many characters gets() will read, and because gets() will
continue to store characters past
the end of the buffer, it is extremely dangerous to use. It has
been used to break computer
security. Use fgets() instead.
and getc(). To
write to stdout, you use puts() or printf().
SadOldGit wrote:
Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
Chung Leong wrote:
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets().
MSDOS lost pipes? When did that happen?
"Chung Leong" <ch***********@hotmail.comwrites:
SadOldGit wrote:
>Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
No, it's ok to use gets().
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
In article <ln************@nuthaus.mib.org>,
Keith Thompson <ks***@mib.orgwrote:
>"Chung Leong" <ch***********@hotmail.comwrites:
>SadOldGit wrote:
>>Chung Leong wrote: Google "stdio.h". To read from stdin, you just do it as though you're reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely remember that the command-line in MS-DOS has a certain limit, so it was actually OK to use gets(). scanf() was the one to avoid.
No, it's ok to use gets().
They'll get you for that.
Keith Thompson <ks***@mib.orgwrites:
"Chung Leong" <ch***********@hotmail.comwrites:
>SadOldGit wrote:
>>Chung Leong wrote: Google "stdio.h". To read from stdin, you just do it as though you're reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely remember that the command-line in MS-DOS has a certain limit, so it was actually OK to use gets(). scanf() was the one to avoid.
No, it's ok to use gets().
ARGH!
What I meant to write was:
No, it's *not* ok to use gets().
Never. Never ever.
Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().
gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.
(I'll try to cancel the article, but I doubt that it will work.)
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Keith Thompson wrote:
ARGH!
What I meant to write was:
No, it's *not* ok to use gets().
Never. Never ever.
Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().
gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.
Well, there is Secure Template Overloads in VC8
( http://msdn2.microsoft.com/en-us/library/ms175759.aspx). Sort of a
pointless feature since a typical C program won't combine as C++
without heavy modification. Anyway, this is totally off topic.
Keith Thompson wrote:
Keith Thompson <ks***@mib.orgwrites:
No, it's ok to use gets().
ARGH!
What I meant to write was:
No, it's not ok to use gets().
Ah, negation typo. The best kind.
(I'll try to cancel the article, but I doubt that it will work.)
For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supercedes.
Brian
"Default User" <de***********@yahoo.comwrites:
Keith Thompson wrote:
>Keith Thompson <ks***@mib.orgwrites:
No, it's ok to use gets().
ARGH!
What I meant to write was:
No, it's not ok to use gets().
Ah, negation typo. The best kind.
>(I'll try to cancel the article, but I doubt that it will work.)
For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supercedes.
My own news server honored the cancel -- but my error is archived for
eternity on groups.google.com.
Proofread! Proofread! Proffread!
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Keith Thompson wrote:
My own news server honored the cancel -- but my error is archived for
eternity on groups.google.com.
You may be able to delete it:
<http://groups.google.com/support/bin/answer.py?answer=8380>
It's not entirely clear whether the original message had to be posted
via Google or not, but I don't believe so.
Brian This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: richard |
last post by:
I have a simple test to pass information from a client to a server
using named pipe. what I really want is: when I type a line on the client,
the server will output the line immediately. but to my...
|
by: Tor Erik Sønvisen |
last post by:
Hi
I need to browse the socket-module source-code. I believe it's contained in
the file socketmodule.c, but I can't locate this file... Where should I
look?
regards tores
|
by: AckMike |
last post by:
I am trying to write client and server programs that communicate with
named pipes. There is one multithreaded server that handles all of the
requests and multiple multithread clients that make...
|
by: olaf.dietsche |
last post by:
Hi,
The system is Windows XP and DB2 v8.1.7.
I'm trying to load a text file via named pipe into a table.
I have two programs:
the first program creates the named pipe, waits for a client...
|
by: Steve R. Hastings |
last post by:
While studying iterators and generator expressions, I started wishing I
had some tools for processing the values. I wanted to be able to chain
together a set of functions, sort of like the...
|
by: Rochester |
last post by:
Hi,
I just found out that the general open file mechanism doesn't work
for named pipes (fifo). Say I wrote something like this and it
simply hangs python:
#!/usr/bin/python
import os
|
by: David T. Ashley |
last post by:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the...
|
by: DBC User |
last post by:
Hi All,
I am trying to create a named pipe for two of my process to
communicate. I wrote bunch of unit test to make sure the
funcationality works the way it is supposed to be. In this app I am...
|
by: DBC User |
last post by:
Hi all,
I would like to know is there a way to find out if any named pipes are
running in a box. How can I go about doing that? Or is there a way to
find out if a particular named pipe already...
|
by: clyfish |
last post by:
In cmd, I can use find like this.
C:\>netstat -an | find "445"
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
C:\>
And os.system is OK....
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |