security - Silverstripe Cron Job Admin Actions
I have a controller function with its permission set to admin that needs to be executed from a cron job. Unfortunately, calling it with php or php-cgi says the action is not permitted on the controller. I've temporarily removed the admin check, but it's resource intensive, so it's a possible DDoS vector.
You can use a custom permission check in the controller to check whether the call was made from the CLI:
class FooController extends Controller {

    private static $allowed_actions = array(
        'mysecureaction' => '->mysecuritycheck'
    );

    public function mysecureaction() {
        // do the work here
    }

    /**
     * If this method returns true, the action will be executed.
     * For more information, view the docs at: http://doc.silverstripe.org/framework/en/topics/controller#access-control
     */
    public function mysecuritycheck() {
        return Director::is_cli() || Permission::check('ADMIN');
    }
}
security cron silverstripe
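An added example, not part of the original answer: a cron wrapper that refuses to invoke the action unless the PHP binary is the CLI SAPI, because php-cgi reports cgi-fcgi and would fall through to the ADMIN check in mysecuritycheck(). It assumes Director::is_cli() tests the PHP SAPI name and a Silverstripe 3 layout (framework/cli-script.php); SITE_ROOT, PHP_BIN and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: cron wrapper for the CLI-gated controller action.
# Assumptions: Silverstripe 3 layout (framework/cli-script.php), site root in
# SITE_ROOT, controller reachable as FooController/mysecureaction.

# Extract the SAPI name from the first line of `php -v` output,
# e.g. "PHP 5.6.40 (cli) (built: ...)" -> "cli".
php_sapi_from_version() {
    printf '%s\n' "$1" | sed -n '1s/^PHP [^ ]* (\([^)]*\)).*/\1/p'
}

# Succeed only when the banner reports the "cli" SAPI. php-cgi reports
# "cgi-fcgi", so the is_cli() branch of mysecuritycheck() would be false.
is_cli_binary() {
    [ "$(php_sapi_from_version "$1")" = "cli" ]
}

run_secure_action() {
    php_bin=${PHP_BIN:-php}
    version_line=$("$php_bin" -v 2>/dev/null | head -n 1)
    if ! is_cli_binary "$version_line"; then
        echo "refusing to run: $php_bin is not the CLI SAPI" >&2
        return 1
    fi
    cd "${SITE_ROOT:?set SITE_ROOT to the site root}" || return 1
    "$php_bin" framework/cli-script.php FooController/mysecureaction
}

# Constructed sample banner lines for checking the parser offline.
SAMPLE_CLI='PHP 5.6.40 (cli) (built: Jan  1 2019 00:00:00)'
SAMPLE_CGI='PHP 5.6.40 (cgi-fcgi) (built: Jan  1 2019 00:00:00)'

# Constructed crontab entry:
#   15 3 * * * SITE_ROOT=/path/to/site /path/to/this-script.sh --run
if [ "${1:-}" = "--run" ]; then
    run_secure_action
fi
```

With this gate in place the action is still reachable over HTTP by a logged-in administrator, while anonymous web requests are rejected by the controller's own check.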