Kris Wallsmith wrote: > Hm, sorry if I'm late to the conversation. How about not automatically > creating a _dev.php controller along with an app?
You always need a _dev.php controller to develop your application. So, we need to create the file by default. This thread is not about the best practices on how to secure the _dev.php controllers because the best practices depends on your SCM, Web server, ... We try to find a simple way to secure the _dev.php controllers by default, so that if you happen to deploy one _dev.php controller on the production servers, you're secure. I really think that the Fabian proposal is easy, non obstrusive, and easy to customize. Fabien > > Kris > > On May 20, 2:50 pm, "Ian P. Christian" <[EMAIL PROTECTED]> wrote: >> Kris Wallsmith wrote: >>> I typically deploy to production using a Subversion checkout. The only >>> controller I have in the repository is index.php, which is enforced by >>> a "*_*.php" svn:ignore property on the web directory. >>> Isn't this simple enough? >> No. For reasons already discussed in this thread - we want this secure >> out of the box. > > -- Fabien Potencier Sensio CEO - symfony lead developer sensiolabs.com | symfony-project.com | aide-de-camp.org Tél: +33 1 40 99 80 80 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en -~----------~----~----~----~------~----~------~--~---
