× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. December 2014

Re: trying to use EXEC with Zend

Larry,

I think what you may not be understanding is that your PHP script doesn't run on the PC. It's running on the web server, and only the output is being sent to the browser. So using PHP's exec() will work to get files on the server (because that's where it's running) but can't access anything that's not available to the server. (Though, if the PC is available to the server, such as if you can access it via /QNTC, that's another story.)

Therefore, the next idea that might pop into your mind... since PHP is communicating with the web browser, why not have the web browser return this information to your PHP script? That makes a lot more sense -- but unfortunately, this also won't work because (as others have said) it would be a huge security violation. Imagine if any web site on the internet could just start running any DOS command it wanted on your PC when you visit their web page. (...shudder...) It doesn't matter at all if this is "solicited" or not!

What WOULD work, though, as Paul has already pointed out, is a signed Java applet. This is a piece of Java code that gets downloaded from your server into the browser, and then it runs on the PC. It has to be cryptographically signed to prove it's really made by you in order to be able to do things like run DOS commands -- that's why it must be a "signed" applet vs a regular applet. With this approach, the first time they run it, the user will be asked whether they trust your site to run an application (the applet) on the PC. Once they agree, it will be able to do what you want.

The other possible approach is to run some sort of 'command server' on the PC. For example, one that implements the SSH or REXEC protocol could be installed on each PC, and you could submit commands to that server. This would be similar to the original approach you tried to use where you send a DOS command and it runs and returns the output to your PHP script. But, it would involve the user installing software on the PC, and you would need to make sure that it's installed and secured properly. As with ANY tool that can run a command on the PC, security is a huge, HUGE, concern -- so careful planning is required here.



On 12/4/2014 4:08 PM, Larry Kleinman wrote:

It is not unsolicited. The website displays a jpg and i want to give the
user the ability to click something that will open that jpg in mspaint

Sent from my iPhone



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.