Fabian Lange wrote:

> Add to all non production controllers:
>
> <?php
> //This prevents accidental access to non production frontends
> if (!in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1')))
> {
>   echo('Your IP '.$_SERVER['REMOTE_ADDR'].' is not in set of allowed IPs.');
>   echo('Check '.__FILE__.' For more information. ');
>   die();
> }
>
> ?>

This is surely the easiest and most secure way, but I'd like to
discuss the configurability of this solution. I believe that we should
not encourage editing front controller files by hand as it is the most
fragile and vulnerable part of the whole application. Adding more
flexibility (IP ranges, etc.) to the configuration is also very
appreciated.

Putting these IPs in the configuration files and checking them later
in a symfony application is more convenient and allows for easily
customised error pages. One may argue that this is less secure, but
since we still use symfony for public front controllers this will
surely not be the most vulnerable place in our site.
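
A configuration-driven version of the check discussed in this message, as an added example that is not part of the original thread or of symfony itself. The function names and the `$allowed` entries are hypothetical; in practice the list would be read from the application's configuration.

```php
<?php
// Added example: allowlist check with CIDR ranges (IPv4 and IPv6).
// All names and sample addresses below are constructed for illustration.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $net = @inet_pton($parts[0]);
    $addr = @inet_pton($ip);
    // Fail closed on unparsable input or an IPv4/IPv6 family mismatch.
    if ($net === false || $addr === false || strlen($net) !== strlen($addr)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    $bits = $maxBits; // a bare address is a single-host range
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $maxBits) {
            return false; // malformed prefix length: deny
        }
        $bits = (int) $parts[1];
    }
    $fullBytes = intdiv($bits, 8);
    if (substr($addr, 0, $fullBytes) !== substr($net, 0, $fullBytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the partial byte only
    return (ord($addr[$fullBytes]) & $mask) === (ord($net[$fullBytes]) & $mask);
}

function is_allowed_ip(string $ip, array $allowed): bool
{
    foreach ($allowed as $entry) {
        if (ip_in_cidr($ip, $entry)) {
            return true;
        }
    }
    return false;
}

$allowed = ['127.0.0.1', '::1', '10.0.0.0/8', '192.168.1.0/24'];
foreach (['127.0.0.1', '10.20.30.40', '192.168.2.5', '203.0.113.7', 'garbage'] as $ip) {
    printf("%-15s %s\n", $ip, is_allowed_ip($ip, $allowed) ? 'allowed' : 'denied');
}
```

Behind a reverse proxy, `$_SERVER['REMOTE_ADDR']` is the proxy's address, so the value passed to the check has to be the client address the proxy itself established, not a client-supplied header.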