Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to run crontab from remote unix server to execute a password protected asp script on another server?

Posted on 2008-10-31
6
705 Views
Last Modified: 2010-04-21
Hi,

I have a client hosting with GoDaddy on a windows server using classic asp. I need to run a cron job to execute an asp page on that server. I have setup the cron job on one of my shared unix servers (not hosted on GoDaddy) successfully BUT I do not want anyone else to be able to access the asp page (on GoDaddy) and accidently trigger the script. How do I protect the asp page from unwanted hits? If I password protect it, how do I access the page from cron?

Thanks in advance.
Christina
0
Comment
Question by:ChristinaPupo
  • 3
  • 3
6 Comments
 
LVL 8

Accepted Solution

by:
saoirse1916 earned 500 total points
ID: 22850210
I've never used cron so I may be way off base here, but you could trigger the script using a username/password in a querystring, such as http://www.yoursite.com/protecteddirectory/yourscript.asp?u=username&p=123HardPassword456.  Then on the script itself, simply check to see if those values were passed properly before executing:

<% If Request.QueryString("u") <> "username" AND Request.QueryString("p") = "123HardPassword456" Then
     Response.Redirect("errorpage.asp")
End If %>

The page is susceptible to a brute-force crack attempt this way, but provided you make your username/password difficult enough it should suffice.  Also,  you could add in some IP address limiting using Request.ServerVariables("REMOTE_ADDR"), assuming of course that the server that's calling the script never changes IP address.
0
 
LVL 8

Expert Comment

by:saoirse1916
ID: 22850215
Oops!  This should be OR, not AND

<% If Request.QueryString("u") <> "username" OR Request.QueryString("p") = "123HardPassword456" Then
     Response.Redirect("errorpage.asp")
End If %>
0
 

Author Comment

by:ChristinaPupo
ID: 22851693
That sounds like it may work. Let me give it a try and get back to you.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:ChristinaPupo
ID: 22860561
Hi saoirse1916:

It works with cron but only with one quesrystring variable, the second one always seems to get left out. I also had to use response.End() instead of Response.Redirect because the cron gets redirected to the error page and then saves it (because the cron uses wget), which is undesirable.

I added both a Password and an IP Adress check for extra security. Thanks!

      'GET REMOTE IP
      IpAddress = Request.ServerVariables("REMOTE_ADDR")
      
      'GET UPD AND VALIDATE
      if request.querystring("upd") <> "_UPD_" or IpAddress <> "_IPADDRESS_" then
            response.End()
      else...
0
 

Author Closing Comment

by:ChristinaPupo
ID: 31512003
Thank you!
0
 
LVL 8

Expert Comment

by:saoirse1916
ID: 22864175
Ahh, makes sense.  Well, between the password and the IP address check, it should be pretty secure.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add server behaviors to Dreamweaver CC 2015 2 183
Displaying number of records depdning on table contents - classic asp 13 44
API not working 33 66
Copy only dates 3 91
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question