On 08.10.2007, at 15:32, Ian P. Christian wrote:
> > Stefan Koopmanschap wrote: >> Hmm... yes. But then again, I didn't mention that our _dev files are >> not simply called frontend_dev.php and backend_dev.php. We have named >> them differently to prevent people trying the default names from >> finding them ;) > > Security though obscurity, the best line of defense! ;) > > You can limit access to specific URLs in the vhost, so > frontend_dev.php > could only be accessible to users presenting a client SSL certificate. > ok .. could you also provide a sample config for this? i will write up a little wiki page with all of the mentioned approaches. in general it seems to me like quite a lot of people on this list seem to be in need of a solution and they all found different approaches. i generally prefer solutions that leverage outside tools as little as possible (some people use other web servers etc). I think my solution could be generalized and integrated into symfony if there is interest. I actually think that this solution would also help in managing other challenges, like being able to put your images on a different host on production. Then again, once the helpers are turned into objects, we can more easily extend them, which should enable a more flexible url generation approach on a per need basis. regards, Lukas --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
