My method is simple: I rename frontend_dev.php to frontend_dev_[random hash].php so I'm the only one who knows and the baby hacker can't find it :>
A+
[MA]Pascal
SQLI Oujda/Maroc

On 16 May, 13:52, Fabien POTENCIER <[EMAIL PROTECTED] project.com> wrote:
> Andreas Hucks wrote:
> > That might be possible to spoof... I actually intended it the other way
> > around - the system checks if the server running the script is a
> > development machine, not if the client issuing the request is.
>
> Sometimes you also need to be able to use the dev environment on the
> production machine.
>
> I think we need to think about the problem with all environments in
> mind, not only the dev environment. There is nothing special about the
> dev environment except the fact it's created by default.
>
> Also, we need to keep in mind that there are a lot of possible
> deployment strategies: FTP, rsync, checkout, ... and a lot of possible
> server softs and configuration. So, the solution must take all those
> things into account.
>
> Fabien
>
> > Andreas
>
> > [EMAIL PROTECTED] wrote:
> >> I second this. This could be useful as a setting for applications as
> >> well. Like putting all backend-stuff in a separate app, and then
> >> require specific IP's for access. It seems natural to provide this
> >> kind of functionality as an environment-dependent setting, preferably
> >> with customizable fallback:
>
> >> prod:
> >>   .secure_access:
> >>     allow: //list ip's
> >>     disallow: //list ip's
> >>     fallback: //name of environment || app || url || none
> >> (404/500)
>
> >> Regards, Gunnar
>
> >> On May 16, 2:55 pm, Andreas Hucks <[EMAIL PROTECTED]> wrote:
> >>> Improvement: make "dev_hosts" an array for development on multiple
> >>> machines.
>
> >>> Andreas Hucks wrote:
>
> >>>> How about having a setting "dev_host" or something in security.yml or
> >>>> other config. If the server executing the script does not match
> >>>> dev_host, symfony either won't execute the dev environment at all, or
> >>>> revert back to prod.
> >>>> That way, it defaults to "don't execute dev", and cannot be overlooked
> >>>> by accident when uploading.
> >>>> Cheers,
> >>>> Andreas
> >>>> Ian P. Christian wrote:
> >>>>> I want to hear from you all as to what you think the best method for
> >>>>> securing the default _dev files - I will not suggest anything now, as I
> >>>>> want to present a blank slate.
> >>>>> I will implement the solution we finally agree on.
> >>>>> Those that want to help please let me know.
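
The two proposals quoted in this thread (a server-side "dev_hosts" list and an allow/disallow/fallback client IP setting) can be combined into one check. The following is an added example, not part of the original messages and not symfony code; the function name, the settings array layout, the host names and the IP addresses are all hypothetical.

```php
<?php
// Added illustration, not symfony code. All names here are hypothetical.

// Constructed settings mirroring the two proposals in the thread.
$settings = [
    'dev_hosts' => ['devbox-1', 'devbox-2'],   // machines allowed to run dev
    'secure_access' => [
        'allow'    => ['192.0.2.10'],          // client IPs (constructed)
        'disallow' => ['192.0.2.66'],
        'fallback' => 'prod',                  // environment name or 'none'
    ],
];

/**
 * Decide which environment a dev front controller may run.
 * $serverHost must come from the machine itself (e.g. gethostname()),
 * never from the Host header, which the client controls.
 */
function resolve_environment(array $settings, string $serverHost, string $clientIp): string
{
    $access   = $settings['secure_access'] ?? [];
    $fallback = $access['fallback'] ?? 'none';

    // Default is "don't execute dev": a server not listed never gets it.
    if (!in_array($serverHost, $settings['dev_hosts'] ?? [], true)) {
        return $fallback;
    }
    // The deny list wins over the allow list.
    if (in_array($clientIp, $access['disallow'] ?? [], true)) {
        return $fallback;
    }
    // An empty or missing allow list allows nobody.
    if (!in_array($clientIp, $access['allow'] ?? [], true)) {
        return $fallback;
    }
    return 'dev';
}

// Constructed cases: server hostname and client IP.
$cases = [
    ['devbox-1', '192.0.2.10'],    // dev machine, allowed client
    ['www-prod', '192.0.2.10'],    // same file uploaded to production
    ['devbox-1', '192.0.2.66'],    // dev machine, denied client
    ['devbox-2', '198.51.100.7'],  // dev machine, unlisted client
];
foreach ($cases as [$host, $ip]) {
    printf("%-9s %-13s -> %s\n", $host, $ip, resolve_environment($settings, $host, $ip));
}
```

In a real front controller the client IP would come from `$_SERVER['REMOTE_ADDR']`; behind a reverse proxy that value is the proxy's address, so the allow list would need to account for that.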
