问题
Are shell commands considered a legitimate programming interface? Specifically, is there anything wrong with executing bash shell commands on a linux application server from PHP pages or CGI files? Does this introduce efficiency or security issues?
Thanks
回答1:
Sometimes OK, but...
Sometimes it's the best way to solve a problem.
But possible issues are:
Security
Look out for code injection if you aren't doing taint checking.
Performance
Running shell commands will involving forking the PHP interpreter and executing complex and relatively slow system calls. This is OK for a lightly loaded server but won't work for a busy site.
Synchronization
Ensuring that things happen in the right order avoids well-known problems called lost updates, dirty reads, and incorrect summaries. While shell commands are not by themselves a cause of any of these things, running them asynchronously can be, and increasing the complexity of your system will make it harder to analyze.
回答2:
If secure application and server, no.
来源:https://stackoverflow.com/questions/4535877/is-using-shell-commands-from-php-cgi-bad-practice