I am making a (PHP7 on Win2012r2 with Apache 2.4/JS) website for assisting a helpdesk. Info being searched is mostly information about computers, users and Active Directory. Some other resources such as MSSQL and some legacy applications that run from the CMD line provide information as well. It should also be possible to request the information from mobile devices for field support engineers.
In 80% of all cases the helpdesk can use data that is recent, but not realtime. I have set up a bunch of PHP scripts and PS scripts to gather the relevant data, put that in a MySQL DB and let the helpdesk website query that info (either static or with AJAX).
In 20% of the cases the helpdesk or FS engineers need to see live or near-live data to troubleshoot when they have the user on the phone. Now my dilemma is how to get that data available at an acceptable speed (say a few seconds) -but- it must be done in a safe way!
So far I tried/considered:
1) Make the web request do a MySQL trigger using sys_exec() to trigger an external script to get the data. Problem: sys_exec() is not native MySQL and not safe as it is available to all MySQL users.
2) Have the (PHP) web request trigger an exec to start a script getting the data. Problem: you need to give the PHP script that triggers the exec way too many rights, again (highly) unsafe.
3) Several ways in which the web request puts a line into a MySQL (let's name it 'todo') memory table and have a script from a position with more rights and outside the webserver environment (but on the same server) poll the 'todo' table, execute the request and return the result in another table. Though this setup has at least 5 barriers for a potential hacker, making it quite safe, it relies on polling by both the requestor and the executing backend script, making it slow. Even though it is slow, I currently see this as the best choice.
4) Use a network connection (localhost) between the requesting PHP and the script that gathers the data. Problem: This can only work as fire-and-forget as the requesting PHP can only do UDP requests with default rights. For a proper TCP connection the requesting PHP script would need root/Admin rights, which is unsafe. Though fire-and-forget might work if the listening 'gathering script' returns its data to a temp memory table in MySQL, extensive status/error checking loops and -again- polling would be needed.
5) Use PHP directly to get e.g. SNMP, WMI, MSSQL and MySQL data. Though SNMP and MySQL are very easy to implement, MSSQL and especially WMI calls are very hard (at least for me) to get to work properly on PHP7 on a Windows 2012 R2 server.
Does anyone have an idea how I would get the data from a variety of sources transferred back to the requesting PHP script without making this setup a major security hazard? Or maybe even better, a good fix to get MSSQL and especially WMI to work under PHP7 running from Windows 2012 R2?
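Option 3 above, seen from the privileged worker's side, as an added example that is not part of the original post: the worker treats every 'todo' row as untrusted input and turns it into a fixed argument vector only if the action is allow-listed and the target is a syntactically valid hostname. The column names (`action`, `target`), the action names and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: worker-side validation of 'todo' rows (hypothetical schema).
// The web tier may only INSERT (action, target); this worker, running under a
// separate account, decides what is actually executed.

const ALLOWED_ACTIONS = [
    // action name => fixed argv template; '{target}' is the only variable part
    'ping'     => ['ping.exe', '-n', '1', '{target}'],
    'nslookup' => ['nslookup.exe', '{target}'],
];

// Hostname check: labels of letters, digits and hyphens separated by dots.
// The D modifier stops '$' from matching before a trailing newline.
function is_valid_target(string $t): bool
{
    $re = '/^[A-Za-z0-9][A-Za-z0-9-]{0,62}(\.[A-Za-z0-9][A-Za-z0-9-]{0,62})*$/D';
    return strlen($t) <= 253 && preg_match($re, $t) === 1;
}

// Returns the argv to run, or null when the row must be rejected.
function build_argv(array $row): ?array
{
    $action = $row['action'] ?? null;
    $target = $row['target'] ?? null;
    if (!is_string($action) || !is_string($target)) return null;
    if (!array_key_exists($action, ALLOWED_ACTIONS)) return null;
    if (!is_valid_target($target)) return null;
    return array_map(
        function ($part) use ($target) {
            return $part === '{target}' ? $target : $part;
        },
        ALLOWED_ACTIONS[$action]
    );
}

// Constructed sample rows, as they might be read from the 'todo' table.
$rows = [
    ['id' => 1, 'action' => 'ping',        'target' => 'pc-0421.corp.example'],
    ['id' => 2, 'action' => 'ping',        'target' => 'pc-0421 & whoami'],
    ['id' => 3, 'action' => 'format_disk', 'target' => 'pc-0421'],
];

foreach ($rows as $row) {
    $argv = build_argv($row);
    echo $row['id'], ': ', $argv === null ? 'REJECTED' : implode(' ', $argv), PHP_EOL;
}
```

On PHP 7.4 and later the resulting array can be passed to `proc_open()` as the command, which starts the program without going through a shell.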