发表新帖
发表新帖

PHP & cron: security issues

后端 未结
关注
6 1312
孤城傲影
孤城傲影 2021-01-02 16:44

Whats the best way to ensure that only CRON executes PHP scripts, and not someone else who stumbled upon your php scripts..

I was thinking a Password Variable.... bu

6条回答
  • 谎友^
    谎友^ (楼主)
    2021-01-02 17:06

    Having a password could work, but :

    • Writing a password in your crontab is a bad idea because other local users might be able to read it
    • Your syntax won't work (it would try to run the script "script?password=12345". Parameters can't be named in shell script, so you would have to run "script.php 12345"

    A valid solution would be to check in your PHP script, that the current environment looks like the one provided by cron when launching commands. Cron specific environment variables might help you ensure your script is being run fby cron and not a user.

    0 讨论(0)
 看不清?
提交回复
热议问题