General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Security--Disable or Restrict /dev




4 Posts   1107 Views

arsenic

Community Member, 9 Posts

4 January 2010 at 7:25pm

Edited: 04/01/2010 7:26pm

How do I disable or restrict access to /dev/reset on a production site? I tried removing all of the servers in Director::set_dev_servers and setting Director::set_environment_type("live");. I can still access /dev/reset, which means a visitor can delete the entire site. Please advise!

tobych

Community Member, 97 Posts

4 January 2010 at 8:02pm

From a look at the source for sapphire/dev/DevelopmentAdmin.php, users only have access to anything in dev/ if you're either logged in as a user with ADMIN rights, or the site's in development mode. Are you sure you're not logged into your site as admin? Once you've checked that, I suggest you check that the production site isn't in dev mode, perhaps by using Debug::show(Director::isDev()) in a page controller. Once you've ruled that out, make sure your security groups only have ADMIN rights when you expect this.

Toby

arsenic

Community Member, 9 Posts

5 January 2010 at 5:18am

Being logged in was it. I had IE open for days and it did not cleanly log me out. Restarting IE solved it.

baba-papa

Community Member, 279 Posts

5 January 2010 at 5:30am

Get yourself a real browser.