You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+13Lines changed: 13 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -116,6 +116,19 @@ Some tips:
116
116
- If multiple tasks are started with the same task ID, then the task status object will only track the first task that was started
117
117
- Known issue: on Windows, checking task statuses can be slow (about 0.5 - 1 seconds) due to underlying bottlenecks
118
118
119
+
### Securing the task runners
120
+
The way this library works means that attackers (or other unwanted parties) may simply craft malicious commands that mimic legitimate usage of this library.
121
+
122
+
To secure the task runners from being started illegitimately, you may configure the `.env` file to contain the following key:
123
+
124
+
```
125
+
PROCESS_ASYNC_SECRET_KEY=[your secret key here]
126
+
```
127
+
128
+
You may need to clear your Laravel optimisation cache after changing this value.
129
+
130
+
The contents of the async tasks will be signed by this secret key, so that this library can know whether the tasks are started by this library itself or someone else.
0 commit comments