It's not a massive problem, but it's something that should be tidied up.

The best bet is to force admin log-in for these kinds of actions, since sometimes you want to be able to do this on the live site - to update the schema after republication, for example.

One of the issues is that we will run into at our office is that our publication script needs to be able to visit db/build without logging in.

I recommend that we set up some kind of "debug security" option in the form of a function called Security::use_debug_security();

It will
* Check that the IP requesting isn't one of the "allowed IPs"
* Otherwise, check that this current user has admin privileges
* Otherwise, redirect to the log-in page and end execution.

function doBuild($quiet = false) {
+ Security::use_debug_security();
if($quiet) DB::quiet();
else echo "<h2>Building Database</h2>";

We can add a method Security::allow_debug_security_for($ip). $ip could be:
* 192.168.0.1
* 192.168.0/24
* 192.168/16
* 192/8

This debug security option can also be used on manually switching to dev mode, viewing profile / debugging information, flushing the templates, etc.

This is resolved in v2.0.2 that came out a few days ago.

You now have to log in as an administrator to run db/build

Hi JoGiles,

It seems that sometimes build/db authentication does not work. It works on my local dev server, but not on my remote one. The best workaround that I know of is to temporarily enable dev mode: http://doc.silverstripe.com/doku.php?id=devmode

Hope this helps,

Elijah