Laravel Security In Depth

Security Tip: Disable Dev & Test Commands in Production

[Tip#6] Because sometimes being paranoid is a good thing.

Stephen Rees-Carter
Oct 31, 2021

I hope you had fun with last week’s In Depth look at SQLi, and learnt something new. It’s been entertaining to watch the logs on my server to see what creative attacks everyone is trying. 🍿

This week we’re shifting gears with a reminder around dev and test commands in production. It helps being paranoid about security, and I’m always worried about accidentally triggering a dev command on prod, so this Security Tip is something I’ve been doing for years.


Ensure Your Dev & Test Artisan Commands Are Disabled in Production

If you’re like me, you’ll have some Artisan commands in your projects that run development and/or testing tasks. These commands manipulate data in some way and are definitely not safe to run on production.

This is what I do to stop dev & test Artisan commands being accidentally run:

© 2023 Stephen Rees-Carter