Solved

How to run crontab from remote unix server to execute a password protected asp script on another server?

Posted on 2008-10-31
6
703 Views
Last Modified: 2010-04-21
Hi,

I have a client hosting with GoDaddy on a windows server using classic asp. I need to run a cron job to execute an asp page on that server. I have setup the cron job on one of my shared unix servers (not hosted on GoDaddy) successfully BUT I do not want anyone else to be able to access the asp page (on GoDaddy) and accidently trigger the script. How do I protect the asp page from unwanted hits? If I password protect it, how do I access the page from cron?

Thanks in advance.
Christina
0
Comment
Question by:ChristinaPupo
  • 3
  • 3
6 Comments
 
LVL 8

Accepted Solution

by:
saoirse1916 earned 500 total points
ID: 22850210
I've never used cron so I may be way off base here, but you could trigger the script using a username/password in a querystring, such as http://www.yoursite.com/protecteddirectory/yourscript.asp?u=username&p=123HardPassword456.  Then on the script itself, simply check to see if those values were passed properly before executing:

<% If Request.QueryString("u") <> "username" AND Request.QueryString("p") = "123HardPassword456" Then
     Response.Redirect("errorpage.asp")
End If %>

The page is susceptible to a brute-force crack attempt this way, but provided you make your username/password difficult enough it should suffice.  Also,  you could add in some IP address limiting using Request.ServerVariables("REMOTE_ADDR"), assuming of course that the server that's calling the script never changes IP address.
0
 
LVL 8

Expert Comment

by:saoirse1916
ID: 22850215
Oops!  This should be OR, not AND

<% If Request.QueryString("u") <> "username" OR Request.QueryString("p") = "123HardPassword456" Then
     Response.Redirect("errorpage.asp")
End If %>
0
 

Author Comment

by:ChristinaPupo
ID: 22851693
That sounds like it may work. Let me give it a try and get back to you.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:ChristinaPupo
ID: 22860561
Hi saoirse1916:

It works with cron but only with one quesrystring variable, the second one always seems to get left out. I also had to use response.End() instead of Response.Redirect because the cron gets redirected to the error page and then saves it (because the cron uses wget), which is undesirable.

I added both a Password and an IP Adress check for extra security. Thanks!

      'GET REMOTE IP
      IpAddress = Request.ServerVariables("REMOTE_ADDR")
      
      'GET UPD AND VALIDATE
      if request.querystring("upd") <> "_UPD_" or IpAddress <> "_IPADDRESS_" then
            response.End()
      else...
0
 

Author Closing Comment

by:ChristinaPupo
ID: 31512003
Thank you!
0
 
LVL 8

Expert Comment

by:saoirse1916
ID: 22864175
Ahh, makes sense.  Well, between the password and the IP address check, it should be pretty secure.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
A short film showing how OnPage and Connectwise integration works.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now