All my php development experience has been with a web front end. I am creating an app that will rely on Cron firing off at predetermined times and executing php scripts. In the web world I have sessions and so forth but in Cron, what state am I in exactly? Is it possible for someone from the outside world to fire off one of the Cron php scripts? Do I face any of the same security issues that I face in the web world? Other than the obvious of server protection of course. But assuming the server is secure, is there any other way to get in and affect Cron? Thanks
The root folder for cron jobs is generally one or two folders above the public one so you can keep all those scripts where no one can directly access them.
Assuming you have “real” CRON, not unless someone can log in to the ACP as you.
Great thanks. One more quick question. If I am firing off a job on the Cron scheduler, I assume that is using the server clock. Is that always the same time clock as the php server?
So if I set a job to go at 12:01 AM in Cron, and then do a php date() function, I am assuming i will get the same date and time, correct?
Yes, server time is used by the server’s system.
The CRON jobs are run by the server but as a group (Apache or cPanel?) rather than as root. Saying that, it should also be limited to your portion of any shared server, too, so it may be run under your account.
Felgall was correct about the placement of the CRON files to be executed but I dropped mine in the DocumentRoot so I could test and update at a moments notice. Just use the correct path no matter where you uploaded them.
Access to your CRON is limited to your account (not necessarily just you - use a VERY STRONG password to protect your account!).
If you’re not aware, CRON does not simply execute a PHP file, it needs you to direct it to PHP’s location (with a switch) and then provide the path to the PHP file you want CRON to execute (see jemz’s post for an example).
Thanks for the input. Very helpful and I do try to keep my server and general account passwords pretty strong. No 1234 or password, Cheers
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.