© 2013 All rights reserved.

PHP: Protecting public cron jobs

Programmers often forget to protect cron jobs that are executed at public addresses. Especially on shared hosting, it is usually difficult to run cron tasks securely.

However, if the cron script is at a public URL, anyone can start the cron job, as long as they know which URL to enter into the browser.

 

1. Secret variable

 

An “emergency measure” to secure the calls is to use a secret variable whose value nobody else will ever know. This solution is not very good, but sometimes there is no alternative, especially on shared hosting.

Simply create a cron job in crontab and add your own variable to it:

In the PHP file we can now simply check whether this variable matches our value:

This solution is not very secure. Anyone can find out the value of the variable and run the cron job from a browser.

 

2. Environment variable

 

A solution similar to the secret variable is an environment variable. This variable is set directly in crontab:

Now you can easily check whether the variable exists:

This solution is slightly better, but again, it is possible that someone finds out the value. Another problem may be that you do not have direct access to the crontab everywhere.

 

3. Checking IP addresses

 

Another possible solution is to check whether the cron job is run from the server environment. In this case we distinguish two different options:

  • Script is running from localhost (127.0.0.1)
  • Script is running from public URL
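
The checks from sections 1 and 3, combined with the CLI test that paranoiq suggests in the comments, as an added example that is not the article's original code. The `token` query parameter, the `CRON_TOKEN` environment variable (assumed to be set for the web server's PHP process) and the allow-list are assumptions.

```php
<?php
// Added example. CRON_TOKEN, the "token" parameter and ALLOWED_IPS are
// assumed names and values, not taken from the article.

// Addresses the cron request may come from. Add the server's own public IP
// here if crontab calls the script through its public URL.
const ALLOWED_IPS = ['127.0.0.1', '::1'];

function cron_call_allowed(string $sapi, array $server, array $query, ?string $expected): bool
{
    // Started by crontab through the PHP CLI: no HTTP request is involved,
    // so nobody can trigger this path from a browser.
    if ($sapi === 'cli') {
        return true;
    }

    // Fail closed when no secret is configured.
    if ($expected === null || $expected === '') {
        return false;
    }

    // Section 3: the request must come from the server itself.
    // REMOTE_ADDR is the TCP peer address. Headers such as X-Forwarded-For
    // are supplied by the client and are deliberately not consulted.
    $ip = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($ip, ALLOWED_IPS, true)) {
        return false;
    }

    // Section 1: the secret variable, compared in constant time.
    // A token in the query string also ends up in access logs.
    $given = $query['token'] ?? '';
    return is_string($given) && hash_equals($expected, $given);
}

// The expected secret is read from the environment, not from the source code.
$expected = getenv('CRON_TOKEN');
if (!cron_call_allowed(PHP_SAPI, $_SERVER, $_GET, $expected === false ? null : $expected)) {
    http_response_code(403);
    exit;
}

// ... the actual cron work goes here ...
```

If the site sits behind a reverse proxy on the same host, every request arrives with `REMOTE_ADDR` equal to `127.0.0.1` unless the server is configured to restore the client address. In that setup the IP check adds nothing and the token is the only barrier.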

 

4. Use .htaccess

 

Protection with .htaccess is actually similar to the previous solution of checking the IP address. We define the conditions for an IP address. In this case, however, there may be a problem if, for example, you use a framework that creates URLs dynamically.

 

5. Cron jobs outside public html

 

Probably the best solution is to place cron jobs outside the public directory.

In this case it is not possible to run the scripts publicly from a browser.

 

Conclusion

 

Do you have any better solution to use?


paranoiq

php_sapi_name() === 'cli'

KANAX

Thank you, I was looking for something like this.
I think I’ll combine some of these solutions 🙂

olivedev

Thanks for this tutorial, but this looks like a long process and not for a beginner like me. Is there any easier way to do this, or is the easier alternative to use a Cloudways-like platform to schedule cron jobs in PHP easily (an example: https://www.cloudways.com/blog/schedule-cron-jobs-in-php/)?

