Closed kevinvdburgt closed 6 years ago
Migrations ask you to confirm when on production env, maybe we can prompt people before performing the tasks.
There is a package that allows for this functionality if required. I'm not a fan of making decisions to inhibit developers by disabling or hiding things, but I can understand a prompt. I don't this this should be part of core either way.
I concur that to inhibit developers from executing certain artisan commands in production environments is not a good idea. However, I disagree that precautions should not be part of the core framework. Confirming before migrating in a production environment has saved my arse on multiple occasions. That said, I don't see value in confirming before executing or disabling any of the "make" commands because I don't see them as harmful like migrations and seeding can be.
What arguments are there for preventing "make" commands on production? Other than you don't think you would ever need to do it. And are there any other commands that we should consider?
The reason behind this is that server admins are messing around with artisan commands (some sysadmin of a client was already messing around with the make command...).
However, I think the package @jlaswell mentioned kinda will do the trick.
... server admins are messing around ...
There's an attack vector that cannot be solved with code. Have you tried shock collars?
Yesterday i was thinking of the following situation:
What if you are running
php artisan
on a production environment, why should i ever usephp artisan make:(model, controller etc..)
? Instead, isnt it just a better option to disable/hide some artisan commands when theAPP_ENV
has been set onproduction
?