I need to call a Kohana action through cron. I can use this code to limit only to the server IP:
$allowedIps = array('127.0.0.1','::1');
if(in_array($_SERVER['REMOTE_ADDR'],$allowedIps))
Do I need CSRF prevention, like tokens? The server is a Parallel's VPS. I wouldn't think there would be any users on a network browsing other pages making them s开发者_高级运维usceptible to CSRF.
The only way I can think of preventing this, if needed, is to create a non-accessible PHP script outside of Kohana called by cron, generate a token and save to flat file, and pass that token to Kohana via an outside include using this
http://forum.kohanaframework.org/discussion/1255/load-kohana-from-external-scriptapp/p1
If the script is going to be called via the local machine (which it is according to your code sample) then you could simplify that by making sure the code is called via the CLI.
if (Kohana::$is_cli)
{
// Run function
}
As for CSRF tokens, you don't need them for this. CSRF works by exploiting someone to click a link which initiates an action on their behalf. Since you can't access the cron controller/action via a browser (you shouldn't be able to) you don't need to worry about it.
I'm pretty sure you want to use this module for any CLI-related tasks. It'll probably be included as official Kohana module since 3.3 version as it's very popular and supported.
精彩评论