On 25 Jan 2007, at 03:52, Darren Spruell wrote: > On 1/24/07, chefren <[EMAIL PROTECTED]> wrote: >> On 1/25/07 1:34 AM, Passeur wrote: >> > We are in the process of developing a PHP framework with a web >> frontend to >> > manage the OpenBSD settings through a web browser. >> > A friend advised me not to do that because of all the security >> holes I will >> > introduce on OpenBSD. >> > He advised me rather using PHP to use CGI/PERL. >> > >> > What is your opinion ? > > There's a perfectly good remote management interface for OpenBSD. > > sshd(8).
If you really have to use php, a framework suggested to my by a fellow tech at a company that I used to work for seemed sane. 1. Use PHP to manage a configuration on a totally separate box (the "config" box). 2. Use ssh to roll that configuration out to the live box, from the config box. This way you're not opening up your entire system to php vulns, the machine that does the configuration should be securely locked away, inaccessible from the outside world, and you're administering the machine in a secure manner. Use ssh keyed authentication to remove the need for passwords and you're away. You can even make the config box manage many configurations, just store the configuration in a database, dynamically create any configuration files on the config box and scp them over to the live box. Thoughts? Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/