Closed nbloomf closed 5 years ago
No, as you'd only ever be using the sdk in the context of sandbox or production. If someone has gotten access to your server and setting your environment to something other than those values, you have much bigger problems :)
That said, this code path is largely deprecated, and we'll see if we can remove it from the next major version.
That code path has been removed in v4.0.0.
With .dev becoming a publicly available TLD as of February 2019, is this instance of
auth.venmo.dev
a potential security issue?https://github.com/braintree/braintree_php/blob/49ba5ac81e8c04bb3ffe8888b320616168bc8597/lib/Braintree/Configuration.php#L620