I've got a php file that writes certain values to my database. I execute this file every 20 seconds with CRON, but I don't want someone to be able to go to the location of this file and execute it from the web. I've set the file permissions to 644, but I can still go to website.com/phpfile.php and have the data written to the database. How can I prevent the public from executing the script?
In a typical setup used these days a
php script does not require the execution permission bit to be executed by the http server. That is because the request does not start the script is a process based on the operating system. Instead the http server only reads the file and feeds the content into the
php engine loaded as a module. So the only permission required is that the http server process can read the script.
Things would be different if you were using
php by means of
CGI instead of as a http server module. But that has a severe performance penalty, exactly because a new process has to be forked for each request.