[Tip#49] Dev tools are really helpful, but they are still just dev tools. Don't install them on production... or anywhere world-accessible, if you can avoid it.
Yeah this is a tough balance, Telescope is amazing for being able to debug issues. We've done our hardening re: access in production but it's sad that OOTB (unless I'm missing something) I can't host it on a different subdomain and have separate auth for it.
Stephen, do you have any recommendations for zero-trust tooling to put Telescope and Nova behind them?
Security Tip: Disable Dev Tools on Prod
Would you recommend moving "laravel/tinker" to dev?
Hi Stephen, as a subscriber should I be able to see the 2 posts you mention in the opening paragraph?
Looking to learn more?
⏩ OWASP Security Tip: A09:2021 – Security Logging and Monitoring Failures
▶️ OWASP In Depth: A08:2021 – Software and Data Integrity Failures
Both seem to be private.
Thanks