我可以保护我的 CRON 脚本免受远程用户的攻击吗? [英] Can I protect my CRON scripts from remote users?

问题描述

我目前正在开展一个涉及使用 CRON 作业的新项目.

I am currently working on a new project which involves using CRON jobs.

CRON 脚本基本上运行 SQL 查询，将数据生成到文件中，然后通过 FTP 将该文件发送到另一台服务器.

The CRON script basically runs an SQL query, generates the data into a file, and send that file to another server via FTP.

该脚本位于实时网站 (www.website.com/sendOrders.php) 上

The script is on a live website (www.website.com/sendOrders.php)

我没有看到任何安全问题或威胁，而且我认为任何人都不太可能在服务器上找到 PHP 脚本.但是我不希望脚本被任何外人执行.

I don't see any security issues or threats, and I think it is highly unlikely that anyone will find the PHP script on the server. However I don't want the script to be executed by any outsiders.

有没有办法保护这个脚本?

Is there a way I can protect this script?

谢谢彼得

推荐答案

您可以将您的秘密文件"移动到一个子文件夹中，然后创建一个 .htaccess 文件 阻止所有人访问该文件，运行 Cronjob 的服务器除外.

You could move your "secret files" into a subfolder, then create a .htaccess file in there that prevents access to that file from everyone, except the server that is running the Cronjob.

示例:

DENY FROM ALL
ALLOW FROM 123.123.123.123

如果您有 shell 访问权限，您也可以将脚本放在可访问文件夹之外，并直接通过命令行或 cronjob 运行，如下所示:php script.php.

If you have shell access you might also put the scripts outside of the accessible folder and run directly via command line or cronjob like this: php script.php.

这篇关于我可以保护我的 CRON 脚本免受远程用户的攻击吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！