Running Cron Safely
#1

[eluser]Glen Swinfield[/eluser]
There seem to be bits and pieces scattered all over the forums/wiki regarding running CI with CRON. The main problems I have found with the solutions are: preventing public user access and using wget/curl etc.

So here's how I did it. It's quite simple.

1. Clone your index.php file and call it, for example, cronindex.php
2. Add these lines to the top of the file:

Code:
$_SERVER['REQUEST_URI'] = '/cronindex.php/controller/action/';
$_SERVER['PATH_INFO'] = '/controller/action/';

3. SSH in as root and chmod cronindex.php and your controller (assuming its only purpose is to be run as a CRON job) like so:
Code:
chmod 0700 cronindex.php
This allows read, write and execute commands to the owner only. Then change the owner and group to root:
Code:
chown root:root cronindex.php

4. Add your cron job to the root cron file.

Now the root user is executing the cronindex.php script and controller. Permission is denied to any other group/user so it is secure.

Different server setups could cause problems. You could also create a different user to prevent using root. It is up to you.

Also, I don't use these forums that often so if anyone thinks this message would be better off elsewhere please move it.
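
A preflight check for the permission setup in steps 3 and 4, as an added example that is not part of the original post. The function names and return codes are assumptions of this sketch, and it goes one step beyond the post by also checking that the script's directory is not writable by group or other, since a writable directory would let the file be replaced.

```shell
#!/bin/sh
# Added example: verify the setup from steps 3-4 before the cron job runs.
# Function names and return codes are hypothetical, chosen for this sketch.

# mode_of PATH -> prints the 10-character mode string, e.g. "-rwx------"
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# owner_of PATH -> prints the owning user name as reported by ls
owner_of() {
    ls -ld -- "$1" | awk '{print $3}'
}

# cron_entry_ok FILE OWNER
# Returns 0 only when FILE is a regular file (not a symlink) owned by OWNER
# with no group/other permission bits, as chmod 0700 leaves it, and the
# directory holding it is not writable by group or other.
# Returns 1: missing or symlink, 2: wrong owner, 3: file mode too open,
#         4: directory writable by group or other.
cron_entry_ok() {
    file=$1
    owner=$2
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    [ "$(owner_of "$file")" = "$owner" ] || return 2
    case "$(mode_of "$file")" in
        ????------) ;;          # group and other triplets are empty
        *) return 3 ;;
    esac
    dir=$(dirname -- "$file")
    case "$(mode_of "$dir")" in
        ?????w????|????????w?) return 4 ;;   # group-write or other-write set
    esac
    return 0
}

# Example crontab use (path is a placeholder):
#   cron_entry_ok /path/to/cronindex.php root && php /path/to/cronindex.php
```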
#2

[eluser]Yash[/eluser]
You have 164 posts and don't use it much lol

Anyways, thank you for the tutorial.
#3

[eluser]Matthieu Fauveau[/eluser]
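Seems much simpler to do that:

Code:
class Cron extends Controller {

    // PHP 4-style constructor, as used by CodeIgniter 1.x controllers
    function Cron()
    {
        parent::Controller();

        // Stop unless the client IP recorded in the session equals the server's own address
        if($this->session->userdata('ip_address') != $this->input->server('SERVER_ADDR')) { die(); }
    }
}

Isn't it? ;)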
#4

[eluser]Glen Swinfield[/eluser]
Possibly simpler, if you don't like using ssh etc. But the other method keeps the security out of the code. - System runs the Cron, system governs access.

Also, client IPs can be forged so I would only use your technique where I was preventing public access for convenience rather than to protect an important operation that should be secure.
#5

[eluser]stuffradio[/eluser]
This is actually a good thread seeing how I am going to be working with a cron in a day or so.
#6

[eluser]Matthieu Fauveau[/eluser]
@Glen: you're right. In my app the Cron doesn't run a secure operation ;)

One could also add a security key as a segment parameter. Then the Cron runs only if a valid key is provided.
