Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Security--Disable or Restrict /dev


Reply

4 Posts   1103 Views

Avatar
arsenic

4 January 2010 at 7:25pm (Last edited: 4 January 2010 7:26pm), Community Member, 9 Posts

How do I disable or restrict access to /dev/reset on a production site? I tried removing all of the servers in Director::set_dev_servers and setting Director::set_environment_type("live");. I can still access /dev/reset, which means a visitor can can delete the entire site. Please advise!

Avatar
tobych

4 January 2010 at 8:02pm Community Member, 97 Posts

From a look at the source for sapphire/dev/DevelopmentAdmin.php, users only have access to this anything in dev/ if you're either logged in as a user with ADMIN rights, or the site's in development mode. Are you sure you're not logged into your site as admin? Once you've checked that, I suggest you check that the production site isn't in dev mode, perhaps by using Debug::show(Director::isDev()) in a page controller. Once you've ruled that out, make sure your security groups only have ADMIN rights when you expect this.

Toby

Avatar
arsenic

5 January 2010 at 5:18am Community Member, 9 Posts

Being logged in was it. I had IE open for days and it did not cleanly log me out. Restarting IE solved it.

Avatar
baba-papa

5 January 2010 at 5:30am Community Member, 279 Posts

Get yourself a real browser.