Re: PHP script to only be accessed by cron [message #175269 is a reply to message #175265] |
Wed, 31 August 2011 06:34 |
alvaro.NOSPAMTHANX
Messages: 277 Registered: September 2010
Karma:
|
Senior Member |
|
|
El 31/08/2011 2:23, jwcarlton escribió/wrote:
> I'm writing a PHP script that I want to ONLY be accessed by a
> predefined cron. Can you guys suggest a way to prevent non-cron
> accesses?
>
> I wouldn't mind encoding the page, too, JUST in case I have a root
> breach (not expected, of course, but not impossible). Since I would
> only need to encode one page, once, would it be reasonable to use the
> free trial of Zend Guard? Or would you guys suggest something
> different?
I'm sure you can get the process tree, find out whether the parent of
your script's PID belongs to the cron binary and abort otherwise.
However, the second paragraph talks about hackers and encoding, which
gives the impression that non-cron execution is not the problem itself
but you solution to some unmentioned problem.
I say so because it's pretty common that non-root users are allowed to
schedule cron tasks and, of course, root is able to run any script on
disc no matter the file permissions. Are those situations acceptable?
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
|
|
|