Hello, sf can check the name of the script name, if the file end by _dev.php then in production sf can throw a 404 error.
As Fabien states, we may need to run the project in dev mode, this should allowed in a yml file : allow_dev : on|off . Of course, this will only work if the dev respects sf's conventions. Thomas On Fri, May 16, 2008 at 3:52 PM, Fabien POTENCIER <[EMAIL PROTECTED]> wrote: > > Andreas Hucks wrote: >> That might be possible to spoof... I actually intended it the other way >> around - the system checks if the server running the script is a >> development machine, not if the client issuing the request is. > > Sometimes you also need to be able to use the dev environment on the > production machine. > > I think we need to think about the problem with all environments in > mind, not only the dev environment. There is nothing special about the > dev environment except the fact it's created by default. > > Also, we need to keep in mind that there are a lot of possible > deployment strategies: FTP, rsync, checkout, ... and a lot of possible > server softs and configuration. So, the solution must take all those > things into account. > > Fabien > >> >> Andreas >> >> [EMAIL PROTECTED] schrieb: >>> I second this. This could be useful as a setting for applications as >>> well. Like putting all backend-stuff in a separate app, and then >>> require specific IP's for access. It seems natural to provide this >>> kind of functionality as an environment-dependent setting, preferably >>> with customizeable fallback: >>> >>> prod: >>> .secure_access: >>> allow: //list ip's >>> disallow: //list ip's >>> fallback: //name of environment || app || url || none >>> (404/500) >>> >>> Regards, Gunnar >>> >>> On May 16, 2:55 pm, Andreas Hucks <[EMAIL PROTECTED]> wrote: >>>> Improvement: make "dev_hosts" an array for development on multiple >>>> machines. >>>> >>>> Andreas Hucks schrieb: >>>> >>>>> How about having a setting "dev_host" or something in security.yml or >>>>> other config. If the server executing the script does not match >>>>> dev_host, symfony either won't execute the dev environment at all, or >>>>> revert back to prod. >>>>> That way, it defaults to "don't execute dev", and cannot be overlooked >>>>> by accident when uploading. >>>>> Cheers, >>>>> Andreas >>>>> Ian P. Christian schrieb: >>>>>> I want to hear from you all as to what you think the best method for >>>>>> securing the default _dev files - I will not suggset anythign now, as I >>>>>> want to present a blank slate. >>>>>> I will implement the solution we finally agree on. >>>>>> Thoes that want to help please let me know. >> >> > >> >> > > > > -- Thomas Rabaix Internet Consultant --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
