Symfony 2 CRUD: Is there a standard way to auto-secure the generated controllers?
开发者_如何学PythonAll the controllers generated by the command "doctrine:generate:crud" are by default accessible in all the enviroments (ie: dev, test, prod)
How would you go about not forgetting to secure this controllers on production? I mean this is scary
The only thing I came up with is to use a secured prefix for the crud routes, and always remember to use that prefix when generating the controllers.
Any other ideas?
I think the only really "clean" way of handling this requirement is to blacklist access to all your routes via security.yml, and whitelist those which you want to be accessible.
精彩评论