计划执行 php 代码

发布于 2024-11-08 06:11:24 字数 263 浏览 3 评论 0原文

大家好,我的理解是,cron 可以通过启动 php 解释器并将其传递给要执行的脚本的路径来执行 php 代码。

我想要安排的代码位于 codeigniter 控制器/模型中。所以基本上控制器包含 3 个执行一些数据库统计的函数。每个功能都有自己的时间表。

如何保护该控制器的安全,以免代码被恶意执行?作为 cron 作业的一部分,我是否将一些凭据传递给控制器​​?或者我是否将该代码设置为单独的 ci 应用程序?

对此事的任何想法将不胜感激。

谢谢

Hey folks, the way i understand it is that cron can be used to execute php code by launching the php interpreter and passing it the path to the script to be executed.

The code I would like to schedule is in a codeigniter controller/model. So basically the controller contains 3 functions that perform some db stats. Each function will have its own schedule.

How can I secure that controller so that the code doesn't get executed maliciously? do I pass some creds to the controller as part of the cron job? or do i take that code an set it up as a separate ci app?

Any thoughts on the matter would be appreciated.

thanks

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

会发光的星星闪亮亮i 2024-11-15 06:11:24

您不应该创建用于执行脚本的控制器。您应该只创建一个普通 PHP 脚本,并通过命令行/cron 启动它。

该脚本不应位于您的公共 Web 目录中,而应位于其他位置(例如,在 script 文件夹中),公众无法访问(脚本不应是网页)。

因为如果您有一个脚本作为控制器,这意味着您通过 HTTP 服务器启动该脚本,这不安全,并且在您的 cron 任务中您必须使用类似 的内容wget“localhost/mycontroller/myaction”(不太干净)。

You shouldn't create a controller for doing a script. You should just create a normal PHP script, and launch it via command line/cron.

The script shouldn't be in your public web directory, it should be elsewhere (in a script folder for example), not accessible by the public (a script shouldn't be a web page).

Because if you have a script as a controller, that means you lanch the script via the HTTP server, which isn't secure, and in your cron task you'd have to use something like wget "localhost/mycontroller/myaction" (less clean).

鲸落 2024-11-15 06:11:24

您始终可以将文件移到 Web 目录之外,因此您只能从服务器端访问它。另一种方法是更改​​文件的权限,使您的服务器无法读取该文件,并在 root 下执行 cron(不推荐)。

至于 credis,您可以使脚本仅在传递正确的 get 变量时运行。例如,该脚本仅在您调用以下命令时运行:

http://localhost/script.php?chjfbbhjscu4iu793673vhjdvhjdbjvbdh=bugy34gruhw3d78gyfhjbryufgbcgherbciube

You could always move the file outside the web directory, so you can only access it from the server side. Another way is to change the permissions on the file, so your server cant read the file, and execute the cron under root (not recommended).

As for credis, you can make the script only run if you pass the correct get variable. For example, the script only runs when you call:

http://localhost/script.php?chjfbbhjscu4iu793673vhjdvhjdbjvbdh=bugy34gruhw3d78gyfhjbryufgbcgherbciube
臻嫒无言 2024-11-15 06:11:24

我认为查询字符串的想法实际上并没有那么糟糕,特别是如果这个 URL 是在防火墙后面沿着您自己的网络传递的,那么就没有真正值得担心的原因。

您可以实现的另一个安全功能是确保“客户端”请求 IP 地址等于服务器的 IP 地址,因此只有从执行控制器操作的服务器调用脚本时,脚本才能继续运行。

I don't think the querystring idea is that bad actually, especially if this URL is being passed along your own network behind a firewall then there's no real cause for concern.

Another security feature you could implement is making sure the "client's" request IP address is equal to the server's IP address, hence the script can only proceed if it is being called from the server that executes the controller action.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文