Friday, November 11th, 2005

Building an Ajax WebConsole Application


Stoyan Stefanov has written an article in which he walks us through building an Ajax WebConsole:

The application we’ll create will allow you to execute any shell command on your Web server, whether it’s Windows- or Linux-based. We’ll even put in a little CSS effort in an attempt to make the app feel more like a console window.

Interface-wise, we have one scrollable <div> that contains the results of the commands executed so far, and one textbox into which we type the commands to be executed. They both have a black background and gray courier font.

The server side is PHP-based.

Posted by Dion Almaer at 9:35 am


Unfortunately this technique is a CSRF attack waiting to happen – basically it can open your entire site up for other people to execute commands on your server, even if you put it behind authentication. Read my comments on his article (as Skunk) for details.

Comment by Simon Willison — November 12, 2005

Simon’s right, this would be a bad idea for a web site, but… for a web-based system management application, where access is controlled via secure authentication by the application (not the server), it’s pretty useful. By assigning users/groups, the shell would only provide command access based on explicit ACL permissions. Plus as an application, it can be more easily firewall’d off or only accessible via internal subnet.

When I was at Sun, we built something just like this into the N1 System Manager application, though we put both the input and the return output into the same screen and used similar CSS to achieve a similar console look. Best of all, it behaves like a bash shell with tab-completion, arrow history, etc.

Comment by Josh Johnson — November 12, 2005
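
The two safeguards raised in the comments above, a check that defeats cross-site request forgery and per-role command permissions, shown as an added PHP example. It is not code from Stoyan Stefanov's article; the function names, the `token` and `command` field names, and the ACL contents are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed ACL (assumption): command names each role may run.
const COMMAND_ACL = [
    'operator' => ['uptime', 'df'],
    'admin'    => ['uptime', 'df', 'ps'],
];

/** Issue one random token per session; the page embeds it and the Ajax call sends it back. */
function console_token(array &$session): string
{
    if (!isset($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/**
 * Decide whether a request may run a command. Returns [allowed, command or reason].
 * A forged cross-site request rides on the victim's session cookie but cannot
 * read the token, so it fails the hash_equals() comparison.
 */
function authorize_command(string $method, array $session, array $post): array
{
    if ($method !== 'POST') {
        return [false, 'commands must be sent with POST'];
    }
    $expected = $session['csrf'] ?? '';
    $supplied = $post['token'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return [false, 'missing or wrong CSRF token'];
    }
    $allowed = COMMAND_ACL[$session['role'] ?? ''] ?? [];
    $command = $post['command'] ?? '';
    // Exact match against the allowlist: no arguments, no shell metacharacters.
    if (!is_string($command) || !in_array($command, $allowed, true)) {
        return [false, 'command not permitted for this role'];
    }
    return [true, $command];
}

// Constructed demo: a logged-in operator session and three requests.
$session = ['role' => 'operator'];
$token = console_token($session);
var_dump(authorize_command('POST', $session, ['command' => 'uptime']));                    // request without a token
var_dump(authorize_command('POST', $session, ['command' => 'uptime', 'token' => $token])); // request with the session token
var_dump(authorize_command('POST', $session, ['command' => 'ps', 'token' => $token]));     // command outside the operator ACL
```

In a real endpoint `$session` and `$post` would be `$_SESSION` and `$_POST`, and only a command returned as allowed would reach the code that executes it.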
