Security Tip: Disable Dev & Test Commands in Production
[Tip#6] Because sometimes being paranoid is a good thing.
I hope you had fun with last week’s In Depth look at SQLi, and learnt something new. It’s been entertaining to watch the logs on my server to see what creative attacks everyone is trying. 🍿
This week we’re shifting gears with a reminder around dev and test commands in production. It helps being paranoid about security, and I’m always worried about accidentally triggering a dev command on prod, so this Security Tip is something I’ve been doing for years.
Ensure Your Dev & Test Artisan Commands Are Disabled in Production
If you’re like me, you’ll have some Artisan commands in your projects that run development and/or testing tasks. These commands manipulate data in some way and are definitely not safe to run on production.
This is what I do to stop dev & test Artisan commands being accidentally run: