Scheduled PHP code execution

Hey folks, the way I understand it is that cron can be used to execute PHP code by launching the PHP interpreter and passing it the path to the script to be executed.

The code I would like to schedule is in a CodeIgniter controller/model. So basically the controller contains 3 functions that perform some db stats. Each function will have its own schedule.

How can I secure that controller so that the code doesn't get executed maliciously? Do I pass some creds to the controller as part of the cron job? Or do I take that code and set it up as a separate CI app?

Any thoughts on the matter would be appreciated.

Thanks


You shouldn't create a controller for doing a script. You should just create a normal PHP script, and launch it via command line/cron.

The script shouldn't be in your public web directory, it should be elsewhere (in a script folder for example), not accessible by the public (a script shouldn't be a web page).

Because if you have a script as a controller, that means you launch the script via the HTTP server, which isn't secure, and in your cron task you'd have to use something like wget "localhost/mycontroller/myaction" (less clean).
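
An added example (not part of the original answer) of the standalone-script approach described above: a CLI-only entry point kept outside the web root that dispatches the three stats jobs from the question. The file name, task names, stub task bodies, lock directory and crontab paths are assumptions.

```php
<?php
// run_stats.php (hypothetical name); keep it outside the public web directory.
// Constructed example: task names, bodies and paths are placeholders.

// Refuse to run under any web SAPI (mod_php, FPM, CGI), even if misplaced.
if (PHP_SAPI !== 'cli') {
    http_response_code(404);
    exit;
}

// Allowlist of tasks; each key corresponds to one cron schedule.
$tasks = [
    'daily'   => function (): string { return 'daily stats done'; },
    'weekly'  => function (): string { return 'weekly stats done'; },
    'monthly' => function (): string { return 'monthly stats done'; },
];

// Only an exact allowlisted name is accepted; nothing else reaches the code below.
$name = $argv[1] ?? '';
if (!isset($tasks[$name])) {
    fwrite(STDERR, 'usage: php run_stats.php <' . implode('|', array_keys($tasks)) . ">\n");
    exit(2);
}

// Per-task lock in a private directory (assumed writable by the cron user only),
// so a slow run is not overlapped by the next scheduled one.
$dir = __DIR__ . '/locks';
if (!is_dir($dir)) {
    @mkdir($dir, 0700);
}
$lock = @fopen("{$dir}/{$name}.lock", 'c');
if ($lock === false || !flock($lock, LOCK_EX | LOCK_NB)) {
    fwrite(STDERR, "{$name}: already running or lock unavailable\n");
    exit(1);
}

try {
    echo $tasks[$name](), "\n";
} finally {
    flock($lock, LOCK_UN);
    fclose($lock);
}

// Crontab entries (constructed paths), installed for an unprivileged user:
//   5 0 * * *   php /srv/app/scripts/run_stats.php daily
//   15 0 * * 0  php /srv/app/scripts/run_stats.php weekly
//   30 0 1 * *  php /srv/app/scripts/run_stats.php monthly
```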


You could always move the file outside the web directory, so you can only access it from the server side. Another way is to change the permissions on the file, so your server can't read the file, and execute the cron under root (not recommended).

As for creds, you can make the script only run if you pass the correct GET variable. For example, the script only runs when you call:

http://localhost/script.php?chjfbbhjscu4iu793673vhjdvhjdbjvbdh=bugy34gruhw3d78gyfhjbryufgbcgherbciube


I don't think the querystring idea is that bad actually, especially if this URL is being passed along your own network behind a firewall then there's no real cause for concern.

Another security feature you could implement is making sure the "client's" request IP address is equal to the server's IP address, hence the script can only proceed if it is being called from the server that executes the controller action.
