21309 Posts in 5738 Topics by 2603 members
|
Page:
1
|
Go to End | |
| Author | Topic: | 928 Views |
-
Security--Disable or Restrict /dev
4 January 2010 at 7:25pm Last edited: 4 January 2010 7:26pm
How do I disable or restrict access to /dev/reset on a production site? I tried removing all of the servers in Director::set_dev_servers and setting Director::set_environment_type("live");. I can still access /dev/reset, which means a visitor can can delete the entire site. Please advise!
-
Re: Security--Disable or Restrict /dev
4 January 2010 at 8:02pm
From a look at the source for sapphire/dev/DevelopmentAdmin.php, users only have access to this anything in dev/ if you're either logged in as a user with ADMIN rights, or the site's in development mode. Are you sure you're not logged into your site as admin? Once you've checked that, I suggest you check that the production site isn't in dev mode, perhaps by using Debug::show(Director::isDev()) in a page controller. Once you've ruled that out, make sure your security groups only have ADMIN rights when you expect this.
Toby
-
Re: Security--Disable or Restrict /dev
5 January 2010 at 5:18am
Being logged in was it. I had IE open for days and it did not cleanly log me out. Restarting IE solved it.
| 928 Views | ||
|
Page:
1
|
Go to Top |
