I hope you had fun with last week’s In Depth look at SQLi1, and learnt something new. It’s been entertaining to watch the logs on my server to what creative attacks everyone is trying. 🍿

This week we’re shifting gears with a reminder around dev and test commands in production. It helps being paranoid about security, and I’m always worried about accidently triggering a dev command on prod, so this Security Tip is something I’ve been doing for years.

Ensure Your Dev & Test Artisan Commands Are Disabled in Production

If you’re like me, you’ll have some Artisan commands in your projects that run development and/or testing tasks. These commands manipulate data in some way and are definitely not safe to run on production.

This is what I do to stop dev & test Artisan commands being accidently run: