How to run crontab from remote unix server to execute a password protected asp script on another server?

Hi,

I have a client hosting with GoDaddy on a windows server using classic asp. I need to run a cron job to execute an asp page on that server. I have setup the cron job on one of my shared unix servers (not hosted on GoDaddy) successfully BUT I do not want anyone else to be able to access the asp page (on GoDaddy) and accidently trigger the script. How do I protect the asp page from unwanted hits? If I password protect it, how do I access the page from cron?

Thanks in advance.
Christina
ChristinaPupoAsked:
Who is Participating?
 
saoirse1916Connect With a Mentor Commented:
I've never used cron so I may be way off base here, but you could trigger the script using a username/password in a querystring, such as http://www.yoursite.com/protecteddirectory/yourscript.asp?u=username&p=123HardPassword456.  Then on the script itself, simply check to see if those values were passed properly before executing:

<% If Request.QueryString("u") <> "username" AND Request.QueryString("p") = "123HardPassword456" Then
     Response.Redirect("errorpage.asp")
End If %>

The page is susceptible to a brute-force crack attempt this way, but provided you make your username/password difficult enough it should suffice.  Also,  you could add in some IP address limiting using Request.ServerVariables("REMOTE_ADDR"), assuming of course that the server that's calling the script never changes IP address.
0
 
saoirse1916Commented:
Oops!  This should be OR, not AND

<% If Request.QueryString("u") <> "username" OR Request.QueryString("p") = "123HardPassword456" Then
     Response.Redirect("errorpage.asp")
End If %>
0
 
ChristinaPupoAuthor Commented:
That sounds like it may work. Let me give it a try and get back to you.
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
ChristinaPupoAuthor Commented:
Hi saoirse1916:

It works with cron but only with one quesrystring variable, the second one always seems to get left out. I also had to use response.End() instead of Response.Redirect because the cron gets redirected to the error page and then saves it (because the cron uses wget), which is undesirable.

I added both a Password and an IP Adress check for extra security. Thanks!

      'GET REMOTE IP
      IpAddress = Request.ServerVariables("REMOTE_ADDR")
      
      'GET UPD AND VALIDATE
      if request.querystring("upd") <> "_UPD_" or IpAddress <> "_IPADDRESS_" then
            response.End()
      else...
0
 
ChristinaPupoAuthor Commented:
Thank you!
0
 
saoirse1916Commented:
Ahh, makes sense.  Well, between the password and the IP address check, it should be pretty secure.
0
All Courses

From novice to tech pro — start learning today.