Thursday, June 30, 2011

Re: Where should i contact right people in CakePHP.org because this security critical problem

I'm curious why you're blaming CakePHP for MySQL allowing connections
outside of the webserver?

I made this error once on a live site. Someone hacked my site,
connected to the db and deleted everything in the tables.
When this happened I didn't go off and blame CakePHP or even MySQL. I
knew I was the one responsible for the security of that site.
You could just as easily blame MySQL for allowing you to configure a
connection from outside your network.

I changed the user credentials to a specific user (not root) and
password to the db and restricted MySQL to only accept connections
from the webserver for that user. I added a sandbox.php to my
configurations. My app/config/sandbox.php is NOT checked into the
repository and it holds custom configuration for the local system. So
on my dev machine I have some specific settings and for the live
deployment I have a different set of settings. It also enables
multiple developers to have completely separate configurations and not
affect the structure in the source repository. This sandbox file is loaded
via Configure::load('sandbox'); at the top of core.php and used as in
Configure::write('debug', Configure::read('Sandbox.debug'));

I don't remember exactly where the concept of using a sandbox.php file
and Configure::load() came from (I think it was in one of the many
articles from one of the core devs) but the credit for this technique
belongs to them and is probably why the function is already in the
Configure class in the first place.

I've thought about using getReferer or $_SERVER['SERVER_NAME'] as part
of the sandbox file name which would allow me to do local testing on
the live server but have yet to implement that. You would create
multiple sandbox files as in mysite_com_sandbox.php and
127_0_0_1_sandbox.php

Overall I'm with Mark. If we as a community want those changes we need
to strengthen our understanding of that code and submit a patch. As
for me I've learned my lesson, I have a great solution that works
great with the current code base and solves a few additional problems
I was having with multiple developers and deploying new changes to the
server. These are very simple to setup and make a part of your
deployment process.

-Morgan
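The per-host sandbox config Morgan describes, written out as an added example (editor's code, not Morgan's and not part of CakePHP). It assumes CakePHP 1.x semantics for Configure::load(), which includes app/config/NAME.php and expects that file to define a $config array, and that database.php is only instantiated after core.php has run; the file name mysite_com_sandbox.php, the user name cake_app and the password are placeholders. Because $_SERVER['SERVER_NAME'] can be derived from the client's Host header, the loader whitelists it to [a-z0-9_] and checks the file exists before using it in a path, and refuses to start if no sandbox file is found rather than running with whatever defaults are in the repository.

```php
<?php
// Each section below is a separate file; they are shown together for reading.

// ---- app/config/mysite_com_sandbox.php (one per host, NOT checked in; add
//      "app/config/*sandbox.php" to .gitignore). Configure::load() includes
//      this file and reads the $config array it defines. ----
$config = array(
    'Sandbox' => array(
        'debug' => 0,                    // 2 on a dev box, 0 on the live host
        'db' => array(
            'driver'   => 'mysql',
            'host'     => '127.0.0.1',   // webserver talks to MySQL locally only
            'login'    => 'cake_app',    // dedicated non-root user (assumed name)
            'password' => 'change-me',   // placeholder
            'database' => 'cake_app',
        ),
    ),
);

// ---- app/config/core.php, at the very top, replacing the hard-coded
//      Configure::write('debug', ...) line ----
// Picks "<host>_sandbox" (mysite.com -> mysite_com_sandbox) when such a file
// exists, otherwise plain "sandbox". The host is request-controlled, so it is
// reduced to [a-z0-9_] before it touches a file name.
function sandboxConfigName() {
    $host = isset($_SERVER['SERVER_NAME']) ? strtolower($_SERVER['SERVER_NAME']) : '';
    $name = trim(preg_replace('/[^a-z0-9]+/', '_', $host), '_');
    if ($name !== '' && file_exists(CONFIGS . $name . '_sandbox.php')) {
        return $name . '_sandbox';
    }
    return 'sandbox';
}

// Configure::load() returns false when no matching file is found; a missing
// sandbox file must be a hard failure, not a silent fall-through to defaults.
if (Configure::load(sandboxConfigName()) === false) {
    trigger_error('No sandbox config for this host; refusing to start', E_USER_ERROR);
}
Configure::write('debug', Configure::read('Sandbox.debug'));

// ---- app/config/database.php ----
// Credentials come from the sandbox file instead of being hard-coded here, so
// database.php itself can stay in the repository with nothing secret in it.
class DATABASE_CONFIG {
    var $default = array();

    function __construct() {
        $this->default = Configure::read('Sandbox.db');
    }
}
```

The file-name check is what keeps a spoofed Host header harmless: the worst an attacker can do is make the loader fall back to sandbox.php, never point it at an arbitrary file. The MySQL side of the same setup is the part Morgan mentions first: a user created only for the webserver's host (for example `'cake_app'@'127.0.0.1'`) with grants limited to the application database, and the server bound to a local interface so it does not listen on the public network at all.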
