I have a set of php scripts that make it possible for a client to
build and update his/her own website. It is a bit like a CMS on
steroids. the client has access to forms, but does not have access to
the command line on the web server. I've implemented a number of
security features - filtering input, escaping output - but I can't get
a nagging fear out of my mind that someone will be able to find a hole
and ---- WORST FEAR COMING!!! ----
--- gain access to the website Linux/Bash command line!
I've had two coding professionals tell me that the only way that could
happen is if PHP had a bug that would allow someone to penetrate into
the server RAM and prowl around in memory. If that is the only way,
then I would be greatly relieved, in a way, because it would be
completely beyond my control via my php scripts. The admin would have
to keep php updated, but that is routine anyway.
On the other hand, if I have to safeguard against that kind of
intrusion with the right php coding practices, then I need to know the
specific safeguards that will prevent this worst of all kinds of
intrusions.
Would someone please comment on this issue and steer me in the right
direction?