Friday, November 11th, 2005

Building an Ajax WebConsole Application

Category: Articles

<p>Stoyan Stefanov has written an article in which he walks us through building an Ajax WebConsole:

The application we’ll create will allow you to execute any shell command on your Web server, whether it’s Windows- or Linux-based. We’ll even put in a little CSS effort in an attempt to make the app feel more like a console window.

Interface-wise, we have one scrollable <div> that
contains the results of the commands executed so far, and one textbox
into which we type the commands to be executed. They both have a black
background and gray courier font.

The server-side is PHP based.

Related Content:

  • Book Excerpt: Building AJAX JSF Components
    JavaServer Faces: The Complete Reference offers coverage of JavaServer Faces (JSF) including JSF custom component development. Written by experts...
  • Choosing an Ajax framework
    Your customers won't have to fear Ajax if they have the right tools to work with. Help them determine which Ajax-specific framework, library or...
  • Ajax Tutorial
    Ajax, short for Asynchronous Java and XML, has allowed developers to create interactive Web pages with rich interfaces. Rich Internet applications...
  • Ajax ups and downs
    The advantages and pitfalls of Ajax, especial for developers working in .NET, are covered in this video interview with an expert in the field. The...
  • Building an Oracle team
    In today's e-business environment, maintaining high availability, optimizing performance and delivering consistent service are essential. Building and...

Posted by Dion Almaer at 9:35 am
2 Comments

+++--
3 rating from 5 votes

2 Comments »

Comments feed

Unfortunately this technique is a CSRF attack waiting to happen – basically it can open your entire site up for other people to execute commands on your server, even if you put it behind authentication. Read my comments on his article (as Skunk) for details.

Comment by Simon Willison — November 12, 2005

Simon’s right, this would be a bad idea for a web site, but… for a web-based system management application, where access is controlled via secure authentication by the application (not the server), it’s pretty useful. By assigning users/groups, the shell would only provide command access based on explicit ACL permissions. Plus as an application, it can be more easily firewall’d off or only accessible via internal subnet.

When I was at Sun, we built something just like this into the N1 System Manager application, though we put both the input and the return output into the same screen and used similar CSS to achieve a similar console look. Best of all, it behaves like a bash shell with tab-completion, arrow history, etc.

Comment by Josh Johnson — November 12, 2005

Leave a comment

You must be logged in to post a comment.