I suggest two steps:

Put a .htaccess into the project root upon project initialization with the following contents:

---
Deny from All
---

This is useful if people configure their public directory as the project base directory by accident (and doesn't hurt if not).

Additionally, insert the following lines in /web/.htaccess:

---
Allow from All

<FilesMatch "(?<!index)\.php$">
  Order deny,allow
  Deny from All
  Allow from 168.0 127.0

  # uncomment the following lines if you want to access your
  # controllers on a remote machine
  # make sure to set up and configure the .htpasswd file correctly
  #AuthType Basic
  #AuthName "Restricted Access"
  #AuthUserFile /path/to/.htpasswd
  #Require valid-user
  #Satisfy Any
</FilesMatch>
---

This way, people can only access .php files other than index.php from their development machine and their local network. If they want to access it on a remote machine, they have to uncomment the authentication settings, add a .htpasswd file and it will work just as well.

I personally feel pretty pleased with this solution. Thoughts?

Regards,
Bernhard

2008/5/16 Nicolas Perriault <[EMAIL PROTECTED]>:
>
> 2008/5/16 Ian P. Christian <[EMAIL PROTECTED]>:
>
>>> I usually secure this file using Apache capabilities.
>> This doesn't provide any 'out of the box' security - which I feel is
>> important.
>
> If you want to secure things at that level, then we should also think
> about people who make their documentroot the root of the symfony
> project, or people allowing HTML in their public comment forms, etc...
>
> To me, this part should be left to the developer's responsibility.
> Symfony cannot secure everyone's applications by default, as every
> developer has his own weaknesses or misknowledges.
>
> Anyway, to answer your base question, I personally do use the symfony
> sync task and the rsync_exclude file where I put the *_dev.php files,
> so these files cannot be published on remote servers.
>
> ++
>
> --
> Nicolas Perriault
> http://prendreuncafe.com - http://symfonians.net - http://sensiolabs.com
> Phone: +33 660 92 08 76
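An added example, not part of the original message or of symfony: a small Python model of how Apache evaluates the /web/.htaccess rules above, useful for checking which file names the `<FilesMatch>` pattern guards and which client addresses the partial-IP `Allow from` entries admit. It assumes the pattern is tested against the file's base name, that Python's `re` treats this lookbehind the same way PCRE does, and that the commented-out auth lines stay disabled; the sample file names and addresses are constructed.

```python
import re

# Pattern and Allow list copied from the .htaccess in the message above.
GUARDED = re.compile(r"(?<!index)\.php$")
ALLOW_FROM = ["168.0", "127.0"]

def partial_ip_match(spec: str, client_ip: str) -> bool:
    """Partial-IP form of Allow/Deny: spec names the leading octets only."""
    want = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(want)] == want

def is_guarded(filename: str) -> bool:
    """True if the <FilesMatch> section applies to this file name."""
    return GUARDED.search(filename) is not None

def allowed(filename: str, client_ip: str) -> bool:
    """Order deny,allow with Deny from All: only an Allow match admits."""
    if not is_guarded(filename):
        return True  # the outer "Allow from All" is the only rule in effect
    return any(partial_ip_match(s, client_ip) for s in ALLOW_FROM)

# Constructed sample requests (names and addresses are illustrative).
SAMPLES = [
    ("index.php", "203.0.113.7"),
    ("frontend_dev.php", "203.0.113.7"),
    ("frontend_dev.php", "127.0.0.1"),
    ("frontend_dev.php", "192.168.1.20"),
    ("frontend_dev.php", "168.0.5.9"),
    ("backend_index.php", "203.0.113.7"),
]

if __name__ == "__main__":
    for name, ip in SAMPLES:
        verdict = "allow" if allowed(name, ip) else "deny"
        print(f"{name:20} {ip:15} {verdict}")
```

Running it shows two properties worth checking before deploying such a rule: the lookbehind exempts every name ending in `index.php`, and `168.0` is read as the prefix 168.0.x.x, so a 192.168.x.x client is denied.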
