Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
b)The Linux API (below the C library)?
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
Thanks.
17  1852 
David T. Ashley wrote:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
b)The Linux API (below the C library)?
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
Thanks.
I don't know Linux resources but have you tried PHP.net? http://www.php.net/manual/en/function.popen.php
David T. Ashley wrote:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
b)The Linux API (below the C library)?
I need enough information to write the compiled 'C' program, to exchange
information with the PHP scripts via pipes, and to handle exception
conditions.
I'm just not sure where to look ... I'm not even sure if the C library is
documented ... and which documentation is appropriate.
Thanks.
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.
As for using pipes - if you've never used them before, you're going to
need to do a fair amount of reading. The api's aren't complicated, but
handling errors without hanging can sometimes be tricky.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
David T. Ashley wrote:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().
If you have a working program already, chances are you can just pipe
data into it and get stuff back out.
"Chung Leong" <ch***********@hotmail.comwrites:
David T. Ashley wrote:
>On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the compiled 'C' program secret, i.e. the
information should not be passed on the command-line.
The PHP pipe manipulation functions (such as popen) were suggested to me.
Where can I find out more about pipes, specifically:
a)How to use the C library calls to manipulate pipes?
The standard C library does not include support for pipes (unless you
count the handling of stdin and stdout, but that requires some
external process to set up the pipe).
There are functions under Unix-like systems, including Linux, for
creating and manipulating pipes, but questions about them are
off-topic in comp.lang.c.
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets() and getc(). To
write to stdout, you use puts() or printf().
Never use gets(). It makes it practically impossible to avoid buffer
overflows. fgets() is a safe alternative.
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Hq******************************@comcast.com. ..
>
I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.
It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.
Dave.
David T. Ashley wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Hq******************************@comcast.com. ..
>>I guess I don't understand the problem with passing it in the command
line. If it's a process-to-process communication, it won't be visible
anyway.
It is my understanding that all command-line arguments are visible to all
processes. Try "ps -Af" on a Linux system.
Dave.
For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).
But who's going to have ssh/telnet access to the system? And how long
is the program going to run?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Jerry Stuckle wrote:
For as long as the program is running, and I think only if you're an
admin (but I could be wrong on that).
But who's going to have ssh/telnet access to the system? And how long
is the program going to run?
A simple script could save the command line argument in a
evil.example.org server (it's very hard to hide it but it could be
inserted in other program or simply replace it).
I suggest to use encrypted environment variables or simple environment
variables for a lower security level.
Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
Extract from man gets
BUGS
Never use gets(). Because it is impossible to tell without
knowing the data in advance how
many characters gets() will read, and because gets() will
continue to store characters past
the end of the buffer, it is extremely dangerous to use. It has
been used to break computer
security. Use fgets() instead.
and getc(). To
write to stdout, you use puts() or printf().
SadOldGit wrote:
Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
Chung Leong wrote:
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets().
MSDOS lost pipes? When did that happen?
"Chung Leong" <ch***********@hotmail.comwrites:
SadOldGit wrote:
>Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
No, it's ok to use gets().
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
In article <ln************@nuthaus.mib.org>,
Keith Thompson <ks***@mib.orgwrote:
>"Chung Leong" <ch***********@hotmail.comwrites:
>SadOldGit wrote:
>>Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
No, it's ok to use gets().
They'll get you for that.
Keith Thompson <ks***@mib.orgwrites:
"Chung Leong" <ch***********@hotmail.comwrites:
>SadOldGit wrote:
>>Chung Leong wrote:
Google "stdio.h". To read from stdin, you just do it as though you're
reading from the keyboard, with functions like gets()
I seriously hope you are not using gets() !!!!
It's been a while since I last use the stdio function :-) I vaguely
remember that the command-line in MS-DOS has a certain limit, so it was
actually OK to use gets(). scanf() was the one to avoid.
No, it's ok to use gets().
ARGH!
What I meant to write was:
No, it's *not* ok to use gets().
Never. Never ever.
Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().
gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.
(I'll try to cancel the article, but I doubt that it will work.)
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Keith Thompson wrote:
ARGH!
What I meant to write was:
No, it's *not* ok to use gets().
Never. Never ever.
Use fgets() (and watch out for the trailing '\n'). Or read a
character at a time. Or use some custom routine like ggets().
gets(), for all practical purposes, cannot be used safely. It is a
buffer overflow waiting to happen.
Well, there is Secure Template Overloads in VC8
( http://msdn2.microsoft.com/en-us/library/ms175759.aspx). Sort of a
pointless feature since a typical C program won't combine as C++
without heavy modification. Anyway, this is totally off topic.
Keith Thompson wrote:
Keith Thompson <ks***@mib.orgwrites:
No, it's ok to use gets().
ARGH!
What I meant to write was:
No, it's not ok to use gets().
Ah, negation typo. The best kind.
(I'll try to cancel the article, but I doubt that it will work.)
For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supercedes.
Brian
"Default User" <de***********@yahoo.comwrites:
Keith Thompson wrote:
>Keith Thompson <ks***@mib.orgwrites:
No, it's ok to use gets().
ARGH!
What I meant to write was:
No, it's not ok to use gets().
Ah, negation typo. The best kind.
>(I'll try to cancel the article, but I doubt that it will work.)
For what it's worth, I didn't see the other. I think NIN is pretty good
about allowing cancels and supercedes.
My own news server honored the cancel -- but my error is archived for
eternity on groups.google.com.
Proofread! Proofread! Proffread!
--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Keith Thompson wrote:
My own news server honored the cancel -- but my error is archived for
eternity on groups.google.com.
You may be able to delete it:
<http://groups.google.com/support/bin/answer.py?answer=8380>
It's not entirely clear whether the original message had to be posted
via Google or not, but I don't believe so.
Brian This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: richard |
last post by:
I have a simple test to pass information from a client to a server
using named pipe. what I really want is: when I type a line on the client,
the server will output the line immediately. but to my...
|
by: Tor Erik Sønvisen |
last post by:
Hi
I need to browse the socket-module source-code. I believe it's contained in
the file socketmodule.c, but I can't locate this file... Where should I
look?
regards tores
|
by: olaf.dietsche |
last post by:
Hi,
The system is Windows XP and DB2 v8.1.7.
I'm trying to load a text file via named pipe into a table.
I have two programs:
the first program creates the named pipe, waits for a client...
|
by: Steve R. Hastings |
last post by:
While studying iterators and generator expressions, I started wishing I
had some tools for processing the values. I wanted to be able to chain
together a set of functions, sort of like the...
|
by: Rochester |
last post by:
Hi,
I just found out that the general open file mechanism doesn't work
for named pipes (fifo). Say I wrote something like this and it
simply hangs python:
#!/usr/bin/python
import os
| | |
by: David T. Ashley |
last post by:
Hi,
On a Linux platform, I have the need to call a compiled 'C' program from a
PHP script (to do some special authentication), and to keep the information
passed from the PHP script to the...
|
by: DBC User |
last post by:
Hi All,
I am trying to create a named pipe for two of my process to
communicate. I wrote bunch of unit test to make sure the
funcationality works the way it is supposed to be. In this app I am...
|
by: DBC User |
last post by:
Hi all,
I would like to know is there a way to find out if any named pipes are
running in a box. How can I go about doing that? Or is there a way to
find out if a particular named pipe already...
|
by: clyfish |
last post by:
In cmd, I can use find like this.
C:\>netstat -an | find "445"
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
C:\>
And os.system is OK....
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |
