Changeset 9489

Timestamp:
06/09/08 14:55:18 (2 years ago)
Author:
FabianLange
Message:

1.1: secured non-production controllers by default by inserting an IP check for 127.0.0.1 into those controllers. Added documentation to chapter 3 and 5 on the reasoning. This will only affect new applications created with generate:app and not be part of the upgrade. closes #2352

Files:

  • branches/1.1/lib/task/generator/sfGenerateAppTask.class.php

    r9210 r9489  
    130130      'ENVIRONMENT' => 'prod', 
    131131      'IS_DEBUG'    => 'false', 
     132      'IP_CHECK'    => '', 
    132133    )); 
    133134 
     
    136137      'ENVIRONMENT' => 'dev', 
    137138      'IS_DEBUG'    => 'true', 
     139      'IP_CHECK'    => '// this check prevents access to debug front conrollers that are deployed by accident to production servers.'.PHP_EOL. 
     140                       '// feel free to remove this, extend it or make something more sophisticated.'.PHP_EOL. 
     141                       'if (!in_array(@$_SERVER["REMOTE_ADDR"], array("127.0.0.1")))'.PHP_EOL. 
     142                       '{'.PHP_EOL. 
     143                       '  echo("Your are not allowed to access this file. ");'.PHP_EOL. 
     144                       '  echo("Check ".basename(__FILE__)." for more information. ");'.PHP_EOL. 
     145                       '  die();'.PHP_EOL. 
     146                       '}'.PHP_EOL, 
    138147    )); 
    139148 
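Review bot: The generated `in_array(@$_SERVER["REMOTE_ADDR"], array("127.0.0.1"))` check matches only the IPv4 loopback literal, so a developer whose browser reaches the host over IPv6 loopback (`::1`) is locked out of `frontend_dev.php`; consider adding `"::1"` to the array. The opposite problem also deserves a line in the generated comment: `REMOTE_ADDR` is the address of the immediate TCP peer, so when the application is fronted by a reverse proxy on the same machine every request arrives from 127.0.0.1 and the check passes for everyone. Two typos in the emitted text: "conrollers" in the first comment line and "Your are not allowed" in the echo.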
  • branches/1.1/lib/task/generator/skeleton/app/web/index.php

    r7962 r9489  
    11<?php 
    2  
     2##IP_CHECK## 
    33require_once(dirname(__FILE__).'/../config/ProjectConfiguration.class.php'); 
    44 
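Review bot: Placing `##IP_CHECK##` before the `require_once` of ProjectConfiguration is the right position, since a rejected client never triggers loading of any application code. It is worth noting in the generated comment, though, that because the check runs before the framework is bootstrapped, any "more sophisticated" replacement it invites cannot use `sfConfig` or `sfContext` and has to stay self-contained PHP.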
  • doc/branches/1.1/book/03-Running-Symfony.txt

    r9466 r9489  
    203203      frontend_dev.php 
    204204 
    205 `index.php` is the production front controller of the new application. Because you created the first application of the project, symfony created a file called `index.php` instead of `frontend.php` (if you now add a new application called `backend`, the new production front controller will be named `backend.php`). To run your application in the development environment, call the front controller `frontend_dev.php`. You'll learn more about these environments in Chapter 5. 
     205`index.php` is the production front controller of the new application. Because you created the first application of the project, symfony created a file called `index.php` instead of `frontend.php` (if you now add a new application called `backend`, the new production front controller will be named `backend.php`). To run your application in the development environment, call the front controller `frontend_dev.php`. Note that for security reasons the development controller is available only for localhost by default. You'll learn more about these environments in Chapter 5. 
    206206 
    207207The `symfony` command must always be called from the project's root directory (`myproject/` in the preceding examples), because all the tasks performed by this command are project-specific. 
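Review bot: The added sentence says the development controller is available "only for localhost" but not where that restriction lives; the first thing a new user will see is the "not allowed" message from `frontend_dev.php`, so mention that the check is the few lines at the top of that file. Also "available only for localhost" reads better as "accessible only from localhost".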
  • doc/branches/1.1/book/05-Configuring-Symfony.txt

    r9468 r9489  
    328328>Usually, developers work on applications in a development server, disconnected from the Internet and where all the server and PHP configuration can be changed at will. When the time comes for releasing the application to production, the application files are transferred to the production server and made accessible to the end users. 
    329329> 
    330 >This means that many environments are available on each server. For instance, you can run in the production environment even on your development server. However, most of the time, only the production environment should be accessible in the production server, to avoid public visibility of server configuration and security risks. 
     330>This means that many environments are available on each server. For instance, you can run in the production environment even on your development server. However, most of the time, only the production environment should be accessible in the production server, to avoid public visibility of server configuration and security risks. To prevent accidental exposure of the non-production controllers on the production system, symfony adds a basic IP check to these front controllers, which will allow access only from localhost. If you want to have them accessible you can remove that, but think about the risk of having this accessible by anyone, as malicious users could guess the default `frontend_dev.php` and get access to a lot of debug information.  
    331331> 
    332332>To add a new environment, you don't need to create a directory or to use the symfony CLI. Simply create a new front controller and change the environment name definition in it. This environment inherits all the default configuration plus the settings that are common to all environments. The next chapter will show you how to do this. 
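Review bot: "allow access only from localhost" slightly overstates the generated code: it matches the literal `127.0.0.1`, so IPv6 loopback `::1` is not accepted, and it compares `REMOTE_ADDR`, which behind a reverse proxy is the proxy's address rather than the end user's. Both points belong here, and since the paragraph itself argues why an open `frontend_dev.php` is risky, suggest readers extend the IP list rather than remove the check.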
