[sclug] Local execution form web app

Neil Haughton haughtonomous at googlemail.com
Mon Jun 7 08:58:48 UTC 2010


I apologise if this is off-topic-ish, but I would like a general opinion.

I am currently working with a web application that is being developed for
sale to customers ranging from small companies to corporates. The general
public will not have access. One of the requirements is to be able to
execute an arbitrary local executable from within the web app. 'Arbitrary'
in the sense that the actual choice of executable can be configured by the
user, the idea that a customer can configure the app to launch some local
process as part of some action he has taken within the application. The
configuration can be locked down by the user (eg customer sysadmin) and for
the most part will be used on an intranet.

A typical use case is to configure the web app to download a text file (say
some auto-generated report) from the web server and open it in a local text
editor - but there are no limits on what the local application could  be.

My instincts are that this will meet with resistance from sysadmins,
corporates in particular, for security reasons, but then again logic tells
me that on an intranet and given the ability to lock down the configuration
so local users cannot tinker with it, this isn't a security issue in the
first place.

Are there any 'sysadmins' out there who can give me their views on whether I
am seeing a problem where one doesn't exist, or are my instincts right?

TIA

Neil.



More information about the Sclug mailing list