[eluser]esset[/eluser]
I have a question on how you do when running cronjobs w/ CI.
Since CI routes everything through the URL scheme (segments) which are public I was wondering how YOU do to best protect your cron related calls. For best security I would like to run cron related calls away from the public_html directory, so they aren't even accessable from the public domain.
Any tips&tricks; would be appreciated.
Thanks
[eluser]CodeIgniteMe[/eluser]
Does making the visibility of the controller/method from Public to Protected/Private helps?
or use the rerouting feature.
Code:
$routes['cron/call'] = 'redirect/to/another/page';
[eluser]esset[/eluser]
How do I access a private/protected controller? Doesn't all controller calls need to go through the url-segments
[eluser]esset[/eluser]
Thanks jmadsen. But I don't see how that's better, the user can still access the controller/method from the public domain by just browsing to it domain.com/controller/method.
Do you think there's a way to run private/protected controllers from a bootstrapper?
Right now I'm doing the same, and sending with a key (just a 32 characters hash) as a password to protect my controller from running if the key isn't valid. But it feels like a workaround somehow.
Thanks
[eluser]Jaketoolson[/eluser]
Assuming your php.ini has
Code:
register_argc_argv On
Just pass an argv through the cron. If none is passed, the cron won't run regardless of it being run from the domain. If so, just throw a redirect?
cron /controller/method hashphrase
Code:
if ( ! isset($argv[1]) OR $argv[1] <> 'hashphrase')
{
redirect(DEFAULT);
}
[eluser]esset[/eluser]
Yeah, that's what I'm doing now. Just wanted to see if there was a better practice out there
Thanks for the input guys.