Ian P. Christian wrote: > Kiril Angov wrote: > >> I kind of do not get the point. I understand that you can fake it but >> how in the world would you point it to me development machine :) And the >> production server should not respond to any domain.local so that it >> cannot ever reach the index.php file to load the development >> environment. >> > > Sorry - I thought you were relying on split horizon DNS, and your > productino and dev controllers were on the same machine, under the same > vhost, but relying on the host header for 'security' on which controller > to use. > > If your dev machine isn't reachable from the internet, then it's fine to > rely on this (assuming your logic that relies on the host header never > makes it to your live production site - or any server that would be > reachable from the internet) > > However, if you're talking about an internal development machine, you're > probably best just using an apache config (or you could do it in PHP if > yo really wanted to...) to limit you by IP address, which can't easily > be faked over a layer 3 network. > > Obviously there are a thousand ways to achieve what we are talking about and I was thinking for the most straightforward way to achieve that, one that can be put in the wiki and all PHP developers can understand. I agree that the SSL certificates is by far the best way to achieve that but it will take more than a minute to ever implement that and if I am not mistaken you have to have separate IP for the SSL which is not possible on virtual hosts. So the SSL way seems way too complicated for what most of us do and that is checking out the code from subversion on a local machine, then use the hosts file to make domain.local and when happy with the changes push them with subversion to production. Also the problem with faking the HOST header is pretty much inexistent for virtual hosts as faking it will pretty much mean entering a different URL in the address bar.
Kupo PS I found something that shed more light on the issue: http://shiflett.org/blog/2006/mar/server-name-versus-http-host So although unreliable for open source software like wordpress or whatever gets installed by many people with different configurations, under controlled environment like is a specific website, this is not a problem at all, I think :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
