Darkstar Darkstar - 4 years ago 80
PHP Question

Correct file permissions for PHP file that doesn't allow the public to execute

I've got a php file that writes certain values to my database. I execute this file every 20 seconds with CRON, but I don't want someone to be able to go to the location of this file and execute it from the web. I've set the file permissions to 644, but I can still go to website.com/phpfile.php and have the data written to the database. How can I prevent the public from executing the script?

Answer Source

In a typical setup used these days a php script does not require the execution permission bit to be executed by the http server. That is because the request does not start the script is a process based on the operating system. Instead the http server only reads the file and feeds the content into the php engine loaded as a module. So the only permission required is that the http server process can read the script.

Things would be different if you were using php by means of CGI instead of as a http server module. But that has a severe performance penalty, exactly because a new process has to be forked for each request.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download