I've not seen anything to indicate to me that running PHP scripts in a cron
job (via php compiled as a CLI) is any less secure than running cron jobs
written in any other language.

All of mine are 700 root, the cron process runs as root and I understand
that. Since I'm the root on the box, it's ok.

PHP does not 'run as root'. The CLI will run as whoever is executing the
script.

My $.02 worth.
=C=

* Cal Evans
* Stay Plugged Into Your Audience
* http://www.christianperformer.com

-----Original Message-----
From: John Taylor-Johnston [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2003 3:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] crontab


Cal, Liam, Jimmy,
Thanks. If this is a serious security hazard, could you show me some code
that is more secure? I am the "root". Mind you I've never worked with
crontab before. I want to run /var/www/backup_mysql.php I suppose I should
start by putting it somewhere not publicly accessible?

Thanks,
John

Liam Gibbs wrote:

> > Can I run a php script in crontab?
> > Do I echo or print?
> > Anyone doing it?
>
> This is a serious security hazard. However, what you could do is have a PHP
> page set cron settings (such as name of file, location, frequency, and
> importance), then have another cron job (running at a decent frequency) do
> the organization. However, this is still a security flaw, as hackers can
> just take a look at your cron jobs and get in and run their own in place of
> yours. Probably no more a flaw than normal, though, as if a hacker can get
> in to replace your cron job, they can get in and run any number of things
> anyway. Make sure to hard code your cron jobs, as having a downloadable page
> is a bigger security hazard. You don't want the PHP page to do this itself,
> because it will have to run as root.
>
> I did this one time, and if I'm allowed some time to get my page up, I can
> e-mail you some instructions. What you'll need is a PHP page, a txt file
> (for the settings) and a cron job that will read the file and do the
> necessary steps to arrange the cron jobs itself.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
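
The checks this thread turns on (script kept out of the web root, owned by the account whose crontab runs it, mode 700 so nobody else can rewrite it), written as a shell audit. This is an added example, not code from any poster in the thread; the function name `check_cron_script` and the paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: audit a script before it goes into a crontab.
# check_cron_script is a hypothetical helper name.
# Usage: check_cron_script SCRIPT WEBROOT OWNER
# Returns 0 when every check passes, 1 otherwise.
#
# Constructed crontab line it would guard (paths are placeholders):
#   0 3 * * * /usr/local/bin/php /root/cron/backup_mysql.php
check_cron_script() {
    script=$1 webroot=$2 owner=$3 rc=0

    if [ ! -f "$script" ]; then
        echo "FAIL: $script is not a regular file"
        return 1
    fi

    # Compare physical paths so a symlinked directory cannot hide the location.
    dir=$(cd "$(dirname "$script")" && pwd -P) || return 1
    root=$(cd "$webroot" 2>/dev/null && pwd -P) || root=$webroot

    # 1. The script must not sit where the web server can serve or run it.
    case "$dir/" in
        "$root"/*) echo "FAIL: $script is inside the web root $root"; rc=1 ;;
    esac

    # 2. The file must belong to the account whose crontab executes it,
    #    because the PHP CLI runs with that account's privileges.
    if [ -z "$(find -H "$script" -prune -user "$owner")" ]; then
        echo "FAIL: $script is not owned by $owner"; rc=1
    fi

    # 3. Neither the file nor its directory may be writable by group or
    #    other; a writable directory lets someone swap the file out.
    for p in "$script" "$dir"; do
        if [ -n "$(find -H "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "FAIL: $p is writable by group or other"; rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $script"
    return "$rc"
}
```
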


