Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlug] Permissions on PHP script to only run locally



TLUG,

(Apologies is this hits the list twice. This email account had some
server troubles recently.)

I have a PHP script that runs a backup of some site files and emails me
a tar.gz file once a day. It's activated by cron on the webhosting server

It works great, but I realized it was a potential security hole. If
someone knew the exact address of my file, they could easily run a
script to access it over and over, and it would probably overwhelm the
system pretty quickly.

I wondered if there was a permission setting I could put on the file so
that it was only accessible by the server's local cron command, and not
accessible by anyone coming at it from the browser.

Is that possible or is it putting too much faith in permission settings?

If possible, what would the settings be? Permissions and ownership make
my head explode...

-- 
Dave M G


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links