我可以保护我的CRON脚本免受远程用户的攻击吗? [英] Can I protect my CRON scripts from remote users?

问题描述

我目前正在从事一个涉及使用CRON作业的新项目.

I am currently working on a new project which involves using CRON jobs.

CRON脚本基本上运行SQL查询，将数据生成到文件中，然后通过FTP将文件发送到另一台服务器.

The CRON script basically runs an SQL query, generates the data into a file, and send that file to another server via FTP.

该脚本位于实时网站(www.website.com/sendOrders.php)

The script is on a live website (www.website.com/sendOrders.php)

我没有看到任何安全问题或威胁，而且我认为任何人都不太可能在服务器上找到PHP脚本.但是我不希望该脚本由任何局外人执行.

I don't see any security issues or threats, and I think it is highly unlikely that anyone will find the PHP script on the server. However I don't want the script to be executed by any outsiders.

有没有办法保护这个脚本?

Is there a way I can protect this script?

谢谢 彼得

推荐答案

您可以将秘密文件"移至子文件夹，然后创建

You could move your "secret files" into a subfolder, then create a .htaccess file in there that prevents access to that file from everyone, except the server that is running the Cronjob.

示例:

DENY FROM ALL
ALLOW FROM 123.123.123.123

如果您具有外壳程序访问权限，则也可以将脚本放在可访问文件夹之外，并通过命令行或cronjob直接运行，如下所示:php script.php.

If you have shell access you might also put the scripts outside of the accessible folder and run directly via command line or cronjob like this: php script.php.

这篇关于我可以保护我的CRON脚本免受远程用户的攻击吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！