Mailing List Archive



Re: [tlug] Permissions on PHP script to only run locally



On 2010-03-09 08:29 +0000 (Tue), Godwin Stewart wrote:

> If so, have the script detect whether it is run by apache or by cron.

Ouch! It's much, much more reliable to just make sure that only those
who should be able to run the program can do so, than to let those who
should not be able to run it also do so and then try to detect what's
going on.

Otherwise you open yourself up to new and interesting attacks later, as
the system changes. For example, a new version of your web server, or a
different web server, or even just a different configuration, may change
how that environment variable works. Or you might add another user who's
accessing the system through means other than the web server.

In general, divvy up your security zones by user, using existing
security mechanisms, whether these be Unix users, database users, or
whatever.

cjs
-- 
Curt Sampson         <cjs@example.com>         +81 90 7737 2974
             http://www.starling-software.com
The power of accurate observation is commonly called cynicism
by those who have not got it.    --George Bernard Shaw
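
An added illustration of the approach argued for above (not part of the original post): a shell check that a cron-only script is protected by file ownership and mode instead of runtime detection. The paths, owner and document root passed to it are hypothetical, and it assumes GNU `stat` and `readlink`.

```bash
# check_local_only SCRIPT EXPECTED_OWNER DOCROOT
#   EXPECTED_OWNER may be a user name or a numeric uid.
# Prints "ok" and returns 0 only when the script
#   1. lies outside the web server's document root,
#   2. is owned by the account that is supposed to run it (e.g. the cron user),
#   3. grants no permission bits at all to group or other.
# Otherwise prints the reason and returns 1.
check_local_only() {
    local script=$1 owner=$2 docroot=$3
    local real_script real_docroot actual mode

    # Resolve symlinks so a link inside the docroot cannot hide the real location.
    real_script=$(readlink -f -- "$script") || { echo "missing"; return 1; }
    [ -f "$real_script" ] || { echo "missing"; return 1; }
    real_docroot=$(readlink -f -- "$docroot") || real_docroot=$docroot

    # 1. No URL should map onto the file at all.
    case "$real_script" in
        "$real_docroot"/*) echo "inside-docroot"; return 1 ;;
    esac

    # 2. Ownership: compare against both the name and the numeric uid.
    actual=$(stat -c '%U:%u' -- "$real_script")
    case ":$actual:" in
        *":$owner:"*) ;;
        *) echo "wrong-owner:$actual"; return 1 ;;
    esac

    # 3. Mode: stat prints octal digits; the leading 0 makes the shell read
    #    them as octal. Any bit in 077 means group or other has access.
    mode=$(stat -c '%a' -- "$real_script")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too-permissive:$mode"
        return 1
    fi

    echo "ok"
}
```

With the file owned by the cron account and mode 0700, the web server's user cannot read or execute it, so no in-script detection is needed.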

