Jump to:

23370 Posts in 18160 Topics by 2864 members

General Questions

SilverStripe Forums » General Questions » Security--Disable or Restrict /dev

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1085 Views
  • arsenic
    Avatar
    Community Member
    9 Posts

    Security--Disable or Restrict /dev Link to this post

    How do I disable or restrict access to /dev/reset on a production site? I tried removing all of the servers in Director::set_dev_servers and setting Director::set_environment_type("live");. I can still access /dev/reset, which means a visitor can can delete the entire site. Please advise!

  • tobych
    Avatar
    Community Member
    97 Posts

    Re: Security--Disable or Restrict /dev Link to this post

    From a look at the source for sapphire/dev/DevelopmentAdmin.php, users only have access to this anything in dev/ if you're either logged in as a user with ADMIN rights, or the site's in development mode. Are you sure you're not logged into your site as admin? Once you've checked that, I suggest you check that the production site isn't in dev mode, perhaps by using Debug::show(Director::isDev()) in a page controller. Once you've ruled that out, make sure your security groups only have ADMIN rights when you expect this.

    Toby

  • arsenic
    Avatar
    Community Member
    9 Posts

    Re: Security--Disable or Restrict /dev Link to this post

    Being logged in was it. I had IE open for days and it did not cleanly log me out. Restarting IE solved it.

  • baba-papa
    Avatar
    Community Member
    279 Posts

    Re: Security--Disable or Restrict /dev Link to this post

    Get yourself a real browser.

    1085 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.