Backup using cron job instead of exec

Hi,

My tech is warning me about enabling the PHP exec function. Is there a way for us to run the backup using a cron job instead of using the PHP exec function. If so, what would be the command.

thanks,
K
 

twisted1919

Administrator
Staff member
@Kerry Panchoo - The backup extension uses exec() to call the tar and mysqldump linux command line utilities.
Basically the tar command is invoked to create an archive with all the files and database, and the mysqldump is invoked to backup the database. Your tech could simply have a bash script that does the same, it's just a matter of preference.
 

twisted1919

Administrator
Staff member
@Kerry Panchoo - Why would it be a matter of security?
If we go with this premise, then we should disable half of php functions since each function could be a security issue in it's own way, take for example eval() and base64_encode()/base64_decode() followed by chr() and ord() or popen / proc_* family.
They become a problem only when your server is infected/hacked and a third party can run these functions to do nasty things, but at this point, you really have bigger issues than the ability of running exec.
And, if someone can run arbitrary code on your server, then be sure that that someone can as well create and run any shell script. as well.
As i said before, it's just a matter of preference, don't throw the security argument because it's really not the case ;)
 
Top