我可以保护我的 CRON 脚本免受远程用户的攻击吗?

我目前正在开展一个涉及使用 CRON 作业的新项目.

I am currently working on a new project which involves using CRON jobs.

CRON 脚本基本上运行 SQL 查询,将数据生成到文件中,然后通过 FTP 将该文件发送到另一台服务器.

The CRON script basically runs an SQL query, generates the data into a file, and send that file to another server via FTP.

该脚本位于实时网站 (www.website.com/sendOrders.php) 上

The script is on a live website (www.website.com/sendOrders.php)

我没有看到任何安全问题或威胁,而且我认为任何人都不太可能在服务器上找到 PHP 脚本.但是我不希望脚本被任何外人执行.

I don't see any security issues or threats, and I think it is highly unlikely that anyone will find the PHP script on the server. However I don't want the script to be executed by any outsiders.

有没有办法保护这个脚本?

Is there a way I can protect this script?

谢谢彼得

推荐答案

您可以将您的秘密文件"移动到一个子文件夹中,然后创建一个 .htaccess 文件 阻止所有人访问该文件,运行 Cronjob 的服务器除外.

You could move your "secret files" into a subfolder, then create a .htaccess file in there that prevents access to that file from everyone, except the server that is running the Cronjob.

示例:

DENY FROM ALL
ALLOW FROM 123.123.123.123

如果您有 shell 访问权限,您也可以将脚本放在可访问文件夹之外,并直接通过命令行或 cronjob 运行,如下所示:php script.php.

If you have shell access you might also put the scripts outside of the accessible folder and run directly via command line or cronjob like this: php script.php.

相关文章