That might be possible to spoof... I actually intended it the other way around - the system checks if the server running the script is a development machine, not if the client issuing the request is.
Andreas [EMAIL PROTECTED] schrieb: > I second this. This could be useful as a setting for applications as > well. Like putting all backend-stuff in a separate app, and then > require specific IP's for access. It seems natural to provide this > kind of functionality as an environment-dependent setting, preferably > with customizeable fallback: > > prod: > .secure_access: > allow: //list ip's > disallow: //list ip's > fallback: //name of environment || app || url || none > (404/500) > > Regards, Gunnar > > On May 16, 2:55 pm, Andreas Hucks <[EMAIL PROTECTED]> wrote: >> Improvement: make "dev_hosts" an array for development on multiple machines. >> >> Andreas Hucks schrieb: >> >>> How about having a setting "dev_host" or something in security.yml or >>> other config. If the server executing the script does not match >>> dev_host, symfony either won't execute the dev environment at all, or >>> revert back to prod. >>> That way, it defaults to "don't execute dev", and cannot be overlooked >>> by accident when uploading. >>> Cheers, >>> Andreas >>> Ian P. Christian schrieb: >>>> I want to hear from you all as to what you think the best method for >>>> securing the default _dev files - I will not suggset anythign now, as I >>>> want to present a blank slate. >>>> I will implement the solution we finally agree on. >>>> Thoes that want to help please let me know. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
