[El Forum]

[eluser]esset[/eluser]
I have a question on how you do when running cronjobs w/ CI.

Since CI routes everything through the URL scheme (segments) which are public I was wondering how YOU do to best protect your cron related calls. For best security I would like to run cron related calls away from the public_html directory, so they aren't even accessable from the public domain.

Any tips&tricks; would be appreciated.

Thanks

[El Forum]

[eluser]CodeIgniteMe[/eluser]
Does making the visibility of the controller/method from Public to Protected/Private helps?
or use the rerouting feature.

Code:

$routes['cron/call'] = 'redirect/to/another/page';

[El Forum]

[eluser]esset[/eluser]
How do I access a private/protected controller? Doesn't all controller calls need to go through the url-segments

[El Forum]

[eluser]jmadsen[/eluser]
you might look at this:

http://codeigniter.com/wiki/Cron_job_bootstrapper/

[El Forum]

[eluser]esset[/eluser]
Thanks jmadsen. But I don't see how that's better, the user can still access the controller/method from the public domain by just browsing to it domain.com/controller/method.

Do you think there's a way to run private/protected controllers from a bootstrapper?

Right now I'm doing the same, and sending with a key (just a 32 characters hash) as a password to protect my controller from running if the key isn't valid. But it feels like a workaround somehow.

Thanks

[El Forum]

[eluser]Jaketoolson[/eluser]
Assuming your php.ini has

Code:

register_argc_argv On

Just pass an argv through the cron. If none is passed, the cron won't run regardless of it being run from the domain. If so, just throw a redirect?

cron /controller/method hashphrase

Code:

if ( ! isset($argv[1]) OR $argv[1] <> 'hashphrase')
{
  redirect(DEFAULT);
}

[El Forum]

[eluser]esset[/eluser]
Yeah, that's what I'm doing now. Just wanted to see if there was a better practice out there

Thanks for the input guys.