Local and production should match even for Laravel tools
カートのアイテムが多すぎます
カートに追加できませんでした。
ウィッシュリストに追加できませんでした。
ほしい物リストの削除に失敗しました。
ポッドキャストのフォローに失敗しました
ポッドキャストのフォロー解除に失敗しました
Local and production should match even for Laravel tools
-
ナレーター:
-
著者:
概要
Ever installed a Laravel package locally and immediately accessed it, only to wonder later whether your access controls are actually working in production?
In the latest episode of the No Compromises podcast, we discuss why tools like Telescope and Horizon behave differently in local environments versus production, and why that inconsistency is a problem worth solving.
We make the case that developer convenience should never come at the cost of security confidence. If your gate logic cannot be exercised locally, you cannot truly trust it is protecting your production environment.
We also dig into how Aaron worked around the issue by overriding the package's service provider logic, and why Laravel has since made this easier to handle cleanly.
- (00:00) - Why local and production environments should match
- (01:42) - How Telescope's gate logic behaves differently locally
- (03:01) - The risk of untestable access control logic
- (07:53) - How Aaron overrode the service provider to fix it
- (10:23) - Silly bit
(00:00) Why local and production environments should match
(01:42) How Telescope's gate logic behaves differently locally
(03:01) The risk of untestable access control logic
(07:53) How Aaron overrode the service provider to fix it
(10:23) Silly bit
Our courses took the production hits so your app doesn't have to.