Hi Kyle
To use the URl protection I'll have to spend a lot of time finding and documenting these urls,with no guarantee that I miss some(causing client data leaks, sensitive info for snoopers and potential exploiters). In addition, many of these are random and cannot be protected individually.
Wouldn't it be much easier feature to somehow add a "-" sign before the url in the specific url part protection to create exceptions for these as cron jobs are specific and few whereas everything else is spewed out randomly and in massive quantities...
Alternatively how about creating a cron user module for cbsubs where someone can add a "cron" user with cbsubs access that can be logged in and out with additional cron keys so that cbsubs users can create their own cron jobs likewise:
1) logs in as cron user with a 15 minute timeout,
2) run their cron task as a registered, subscribed user,
3) log off the cron user
A third option would be to create a secure login key or two that can be run in before any cron job - something similar to the cron url that cbsubs uses anyway.
A fourth option which may be completely out of bounds as I've not used it before is if you suggest a way around this sith the cb actions addon that has some cron task support?
There is so much flexibility in both cb and CBsubs that it doesn't seem at all like you guys to miss something like cron job exceptions for protected modules. I say that with great respect to all the work gone into it but also because after finally getting everything set up I'm left with one of two options - run the jobs manually (not possible as one needs to be done avery 3-5 minutes) and to have a site full of access gaps.
For my site it is of the upmost importance to restrict any access whatsoever to these modules as the potential for data leaks is dramatically increased with these gaps.
Perhaps one of the above options are viable or you can suggest something else?
Many thanks,
N
krileon
