Matthew Weier O'Phinney has posted the latest tip in his Zend Server deployment series, part 4 related to securing the scripts you use for your jobs (like cron, but run through Zend Server).
This is the fourth in a series of eight posts detailing tips on deploying to Zend Server. The previous post in the series detailed a trick I learned about when to execute a chmod statement during deployment. Today, I'm sharing a tip about securing your Job Queue job scripts.
He talks about the security concerns around the scripts you use for your jobs and how to protect them since they're exposed to the world as public scripts (if their URL can be tracked down, that is). He shares a few lines of code that can help prevent that, though - a check to see if it's running as a job (via getCurrentJobId) and returning a "403 Forbidden" if not.
Link: https://mwop.net/blog/2014-09-04-zend-server-deployment-part-4.html
没有评论:
发表评论