Ian P. Christian wrote: > Bert-Jan wrote: > >> Even easier: your hosts file ! >> Just make a fake name and point it to the right server. >> >> > > And what if someone finds out what hostname? They can use it..... > > Please stop trying to use host headers for security, it won't happen :) > > See the link about client certificates for real security, else you can > use htpasswd/htdigest authentication. > > > I kind of do not get the point. I understand that you can fake it but how in the world would you point it to me development machine :) And the production server should not respond to any domain.local so that it cannot ever reach the index.php file to load the development environment. If you production the server is responding to many domain names then it will always go to the else clause which it he production sf_environment. As I agreed about $_SERVER["HTT_HOST"] is unsafe, $_SERVER["SERVER_NAME"] should be just what I was thinking about when using HTTP_HOST. Sorry, I want you to elaborate but I am actually using this is production websites and I want to know if I should be changing it ASAP.
Thanks, Kupo --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
