HappyDeveloper
Reputation: 12805
Symfony 2 CRUD: Is there a standard way to auto-secure the generated controllers?
All the controllers generated by the command "doctrine:generate:crud" are by default accessible in all the enviroments (ie: dev, test, prod)
How would you go about not forgetting to secure this controllers on production? I mean this is scary
The only thing I came up with is to use a secured prefix for the crud routes, and always remember to use that prefix when generating the controllers.
Any other ideas?
Upvotes: 2
Views: 441
Answers (1)
Manuel Kießling
Reputation: 656
I think the only really "clean" way of handling this requirement is to blacklist access to all your routes via security.yml, and whitelist those which you want to be accessible.
Upvotes: 2
Related Questions
- how to best secure controllers actions and display different content symfony2
- Is it possible to secure whole Controller in Symfony 2?
- Symfony2 secure whole controller
- How to secure routes in Symfony using security.yml
- Symfony2 > Use Security Context in Public Route (possible alternative)
- Symfony2, How to secure all controllers in one place using custom function?
- Manage security/routing with Symfony2 by requesting a database
- Security in Symfony2
- Security and routes - Symfony2
- Securing a whole Controller in Symfony with sfGuard?