我可以保护我的 CRON 脚本免受远程用户的攻击吗?
我目前正在开展一个涉及使用 CRON 作业的新项目.
I am currently working on a new project which involves using CRON jobs.
CRON 脚本基本上运行 SQL 查询,将数据生成到文件中,然后通过 FTP 将该文件发送到另一台服务器.
The CRON script basically runs an SQL query, generates the data into a file, and send that file to another server via FTP.
该脚本位于实时网站 (www.website.com/sendOrders.php) 上
The script is on a live website (www.website.com/sendOrders.php)
我没有看到任何安全问题或威胁,而且我认为任何人都不太可能在服务器上找到 PHP 脚本.但是我不希望脚本被任何外人执行.
I don't see any security issues or threats, and I think it is highly unlikely that anyone will find the PHP script on the server. However I don't want the script to be executed by any outsiders.
有没有办法保护这个脚本?
Is there a way I can protect this script?
谢谢彼得
推荐答案
您可以将您的秘密文件"移动到一个子文件夹中,然后创建一个 .htaccess 文件 阻止所有人访问该文件,运行 Cronjob 的服务器除外.
You could move your "secret files" into a subfolder, then create a .htaccess file in there that prevents access to that file from everyone, except the server that is running the Cronjob.
示例:
DENY FROM ALL
ALLOW FROM 123.123.123.123
如果您有 shell 访问权限,您也可以将脚本放在可访问文件夹之外,并直接通过命令行或 cronjob 运行,如下所示:php script.php.
If you have shell access you might also put the scripts outside of the accessible folder and run directly via command line or cronjob like this: php script.php.
相关文章