我可以保护我的CRON脚本免受远程用户的攻击吗

我可以保护我的CRON脚本免受远程用户的攻击吗

本文介绍了我可以保护我的CRON脚本免受远程用户的攻击吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我目前正在从事一个涉及使用CRON作业的新项目.

I am currently working on a new project which involves using CRON jobs.

CRON脚本基本上运行SQL查询,将数据生成到文件中,然后通过FTP将文件发送到另一台服务器.

The CRON script basically runs an SQL query, generates the data into a file, and send that file to another server via FTP.

该脚本位于实时网站(www.website.com/sendOrders.php)

The script is on a live website (www.website.com/sendOrders.php)

我没有看到任何安全问题或威胁,而且我认为任何人都不太可能在服务器上找到PHP脚本.但是我不希望该脚本由任何局外人执行.

I don't see any security issues or threats, and I think it is highly unlikely that anyone will find the PHP script on the server. However I don't want the script to be executed by any outsiders.

有没有办法保护这个脚本?

Is there a way I can protect this script?

谢谢彼得

推荐答案

您可以将秘密文件"移至子文件夹,然后创建.htaccess文件,该文件可以阻止所有人(运行Cronjob的服务器除外)对该文件的访问.

You could move your "secret files" into a subfolder, then create a .htaccess file in there that prevents access to that file from everyone, except the server that is running the Cronjob.

示例:

DENY FROM ALL
ALLOW FROM 123.123.123.123

如果您具有外壳程序访问权限,则也可以将脚本放在可访问文件夹之外,并通过命令行或cronjob直接运行,如下所示:php script.php.

If you have shell access you might also put the scripts outside of the accessible folder and run directly via command line or cronjob like this: php script.php.

这篇关于我可以保护我的CRON脚本免受远程用户的攻击吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-01 11:35