On Oct 8, 3:12 pm, Lukas Kahwe Smith <[EMAIL PROTECTED]> wrote:
> On 08.10.2007, at 15:07, Stefan Koopmanschap wrote:
>
> > We currently have a different approach. All our _dev files are outside
> > the web directory. That way, they will never be available on our
> > production machines. If we need it on production for debugging
> > purposes, we simply temporarily copy/symlink the _dev file inside the
> > web directory, and once we're done, we remove the file.
>
> > To prevent accidental deployment of _dev files to production, we also
> > have them (inside the web directory) excluded from rsyncing. Our
> > deployment strategy is not to check out on production, but to check out
> > locally and use the symfony sync command to deploy to the production
> > environment.
>
> > Hopefully this is helpful?
>
> hmm not really. i think kris's approach is the most viable approach
> for me atm. symlinking would be a problem. a hacker could then just
> try to create some issue on the web site and wait for the development
> frontend to become available. actually i would not be surprised if
> hackers already have scanners that look for development frontends for
> symfony (or any other framework that has similar capabilities).

Hmm... yes. But then again, I didn't mention that our _dev files are
not simply called frontend_dev.php and backend_dev.php. We have named
them differently to prevent people trying the default names from
finding them ;)

But you are right, this is a point of attention.

Stefan
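
Added example, not part of the original thread: a check that reports development front controllers under the web directory by content rather than by file name, so renamed copies and temporary symlinks are both caught. It assumes symfony 1.x style controllers that set `SF_ENVIRONMENT` and `SF_DEBUG` with `define()`; the file names in the fixture are constructed.

```shell
#!/bin/sh
# Added example. Assumption: symfony 1.x front controllers select their mode
# with define('SF_ENVIRONMENT', ...) and define('SF_DEBUG', ...).

# Print every PHP file under the web root that enables dev/test or debug mode.
# Matching is on content, so a renamed controller is still reported, and
# find -L follows symlinks, so a temporarily linked one is reported too.
# A commented-out define also matches; the check errs on the side of reporting.
find_dev_controllers() {
    webroot=$1
    q="['\"]"            # either PHP quote character
    s='[[:space:]]*'
    find -L "$webroot" -type f -name '*.php' 2>/dev/null | sort |
    while IFS= read -r f; do
        if grep -Eiq "define\(${s}${q}SF_DEBUG${q}${s},${s}true" "$f" ||
           grep -Eiq "define\(${s}${q}SF_ENVIRONMENT${q}${s},${s}${q}(dev|test)${q}" "$f"
        then
            printf '%s\n' "$f"
        fi
    done
}

# Exit status 0 only when nothing is reported; usable as a deploy gate.
webroot_is_clean() {
    [ -z "$(find_dev_controllers "$1")" ]
}

# Constructed sample tree: one production controller, one renamed dev
# controller, and one dev controller symlinked in from outside web/.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/web" "$d/dev"
    printf '%s\n' "<?php" "define('SF_ENVIRONMENT', 'prod');" \
        "define('SF_DEBUG',       false);" > "$d/web/index.php"
    printf '%s\n' "<?php" "define('SF_ENVIRONMENT', 'dev');" \
        "define('SF_DEBUG',       true);" > "$d/web/admin_x9.php"
    cp "$d/web/admin_x9.php" "$d/dev/frontend_dev.php"
    ln -s "$d/dev/frontend_dev.php" "$d/web/tmp_debug.php"
    printf '%s\n' "$d"
}

fixture=$(make_fixture)
find_dev_controllers "$fixture/web"   # reports admin_x9.php and tmp_debug.php
webroot_is_clean "$fixture/web" || echo "dev front controller reachable under web/"
rm -rf "$fixture"
```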

