<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">We've done something like that, here,
using plugins to do anything we needed. The reason we never
published it was that it was not secure <u>at all</u> and we
needed to revisit it.<br>
<br>
Do you intend to "hardcode" the jobs available, or leave the user
to decide, thus opening your backend to some unwelcomed behavior?
I suppose that if you limit it to running tasks under you
hierarchy/misc/cronjobs, that would work just fine, even if being
somewhat limited.<br>
<br>
curious<br>
<br>
<br>
<div class="moz-signature">
<style type="text/css">
.moz-signature {
color: #FFFFFF;
}
.sig_inlibro {
padding-top : 2px;
color: #888888;
font-family : "Trebuchet MS", verdana;
font-size: 90%;
}
.sig_content {
border-top: 2px solid #DDDDDD;
border-bottom: 2px solid #BFD13D;
background-color : #F6F6F6;
padding-left:10px;
}
.sig_inlibro a:visited, .sig_inlibro a:hover, .sig_inlibro a:link {
text-decoration: none;
color: #005B85;
}
.nom {
color: #005B85;
font-weight : bold;
}
.inlibro, .in {
color: #BFD13D;
}
.libro {
color: #005B85;
}
.in, .libro {
font-size : 120%;
}
.desc {
margin-bottom: 0;
padding-bottom: 5px;
}
.small {
font-size: 80%;
}
.tagline {
color : #00BCE4;
}
.sig_footer {
padding-left : 10px;
background-color : #EEEFEA;
}
</style>
<div class="sig_inlibro">
<div class="sig_content"> <span class="nom">Philippe Blouin,</span><br>
<span class="tagline small">Responsable du développement
informatique</span><br>
<p class="desc small"> Tél. : (888) 604-2627<br>
<a href="mailto:philippe.blouin@inLibro.com">philippe.blouin@inLibro.com</a>
</p>
</div>
<div class="sig_footer"> <span class="in">in</span><span
class="libro">Libro</span> <span class="tagline small">|
pour esprit libre |</span> <a class="small"
href="http://www.inLibro.com">www.inLibro.com</a> </div>
</div>
</div>
On 10/27/2015 06:20 AM, Julian Maurice wrote:<br>
</div>
<blockquote cite="mid:562F4FDE.6050108@biblibre.com" type="cite">
<pre wrap="">Hi,
Comments in bug 1993 state that using 'at' for task scheduling is bad
for security.
Galen suggests (comment 34) to use a DB table to store a list of jobs,
and check periodically this list with a script in crontab.
I would like to know if someone is already working on something like
that (I didn't find anything in Bugzilla).
If not, do you agree with Galen's proposal as a replacement for the task
scheduler ? Do you have better ideas ?
</pre>
</blockquote>
<br>
</body>
</html>