
Security through command line: is it a good idea? (PHP)

Source: 开发者 (https://www.devze.com), 2023-01-27 02:06, reposted from the web

Is it OK to give full authorization to any request coming from the command line?


My idea was to make this check:

if(isset($_SERVER['argc']) AND $_SERVER['argc']>=2) {
    // it must be the admin, give him full authorization, no further checks needed.
} else {
    // normal web request, authentication needed.
}

Does this make sense?

Anything else I should know before I start using the command line to execute my php scripts?


It's only safe if the server has only one user. Otherwise you need to either:

  • Check for the correct user ID in the script
  • Make the script only executable for that user

(This is assuming a Linux server)
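
The two checks listed in the answer above, written out as an added example that is not part of the original thread. It assumes a Linux host with PHP's posix extension and a CLI-only admin script; `ADMIN_UID`, `current_euid`, `is_trusted_cli` and `script_is_private` are hypothetical names and `1001` is a constructed value.

```php
<?php
declare(strict_types=1);

// Assumption: numeric UID of the single account allowed to run admin tasks.
const ADMIN_UID = 1001;

// Effective UID of the running process, or null when the posix extension is absent.
function current_euid(): ?int
{
    return function_exists('posix_geteuid') ? posix_geteuid() : null;
}

// True only for a CLI run by the expected user. PHP_SAPI is used instead of
// $_SERVER['argc'], which a web request can also carry when the
// register_argc_argv ini setting is on.
function is_trusted_cli(string $sapi, ?int $euid, int $adminUid): bool
{
    if ($sapi !== 'cli') {
        return false;              // web request: normal authentication applies
    }
    return $euid !== null && $euid === $adminUid;  // unknown UID is denied
}

// True when the file is owned by the admin and has no group/other permission
// bits, i.e. the result of chown to that user plus chmod 700.
function script_is_private(string $path, int $adminUid): bool
{
    $st = @stat($path);
    return $st !== false
        && $st['uid'] === $adminUid
        && ($st['mode'] & 0077) === 0;
}

$is_admin = is_trusted_cli(PHP_SAPI, current_euid(), ADMIN_UID)
    && script_is_private(__FILE__, ADMIN_UID);

if (PHP_SAPI === 'cli' && !$is_admin) {
    fwrite(STDERR, "refusing to run: wrong user or script permissions too open\n");
    exit(1);
}
// From here on: $is_admin is true for the trusted CLI run, false for web
// requests, which go through the application's usual login.
```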


The command line is not a very good place from which to control your web application: your app displays HTML output, which is not much good to a human looking at a console (not to mention the JavaScript that won't work etc).

You could arrange for different output to be generated when running from the command line, but as a practical matter: why bother with all this? Why not have the administrator be authenticated from the web just like any other user?

If you want to have a special backdoor built into your app anyway though, I would suggest something like this (which is web-based):

define('ADMIN_BACKDOOR', true); // comment out to disable
$is_admin = defined('ADMIN_BACKDOOR') && $_SERVER['REMOTE_ADDR'] == '127.0.0.1';

This is IMO next to impossible to exploit, and it allows you admin access from a natural environment (the browser).
