External supporting PHP (or Bash) scripts best practice?


With every PW website, I usually create a folder in the root (let's call it "something") where I store various scripts that do random things (most of these scripts act on ProcessWire directly so I bootstrap it). I execute them either by visiting the URL in my browser or using the terminal. There's a bit of security through obscurity with this approach that feels wrong.

Using something like RockShell is probably the more formal way to do it, but sometimes it may not be the right choice for short-lived scripts or scripts that don't act on PW directly, or if the script is written in Bash.  Also I haven't started using RockShell regularly yet although that's the plan (I'll have to convert a lot of sites).

So my question is, what is your go-to approach in terms of where to store and how to handle supporting scripts like I described?

26 minutes ago, Jonathan Lahijani said:

With every PW website, I usually create a folder in the root (let's call it "something") where I store various scripts that do random things (most of these scripts act on ProcessWire directly so I bootstrap it). I execute them either by visiting the URL in my browser or using the terminal. There's a bit of security through obscurity with this approach that feels wrong.

Using something like RockShell is probably the more formal way to do it, but sometimes it may not be the right choice for short-lived scripts or scripts that don't act on PW directly, or if the script is written in Bash.  Also I haven't started using RockShell regularly yet although that's the plan (I'll have to convert a lot of sites).

So my question is, what is your go-to approach in terms of where to store and how to handle supporting scripts like I described?

My personal policy is to assume those will only be executable through shell, and save them in site/templates/cli or something like that, but always inside templates so that they are blocked by default by the default htaccess config.


I check permission (e.g. superuser) in the PHP script, use .htaccess folder protection and use GET parameters to hide/redirect (404) non-privileged users, depending on how powerful the script is or what damage it may do in untrusted users' hands. If in doubt, I create an admin module or upload the script only for the time required (with the measures above) and remove it afterwards via FTP.
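
The two approaches from the replies above can be combined in one guard at the top of a supporting script. This is an added example, not code posted by anyone in the thread; it assumes the script sits in site/templates/cli/ (so the ProcessWire bootstrap is three directories up), and the function name `requireCliOrSuperuser` and the `basic-page` template are placeholders.

```php
<?php namespace ProcessWire;

// Added example (not from the thread). Assumed location:
// site/templates/cli/maintenance.php, so index.php is three levels up.

// Record how the script was invoked before anything else runs.
$isCli = (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');

// Bootstrap ProcessWire; this makes wire() and the API variables available.
include __DIR__ . '/../../../index.php';

/**
 * Continue only when run from a shell or by a logged-in superuser.
 * Everyone else gets a plain 404, so the response does not reveal
 * that a maintenance script exists at this URL.
 */
function requireCliOrSuperuser(bool $isCli): void
{
    if ($isCli) {
        return; // shell access already implies server access
    }

    $user = wire('user');
    if ($user && $user->isLoggedin() && $user->isSuperuser()) {
        return; // authenticated ProcessWire superuser session
    }

    http_response_code(404);
    header('Content-Type: text/plain; charset=utf-8');
    exit("Not Found\n");
}

requireCliOrSuperuser($isCli);

// Actual work goes below the guard. 'basic-page' is a placeholder template.
$count = wire('pages')->count('template=basic-page');
echo "basic-page pages: {$count}\n";
```

Inside site/templates the stock .htaccess rules already refuse direct requests for PHP files, so the superuser branch only matters if those rules are not in effect (for example on a server that ignores .htaccess) or if the script is moved elsewhere.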
