Sign up to save your podcasts
Or
Share Local and production should match even for Laravel tools
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Local and production should match even for Laravel tools
Ever installed a Laravel package locally and immediately accessed it, only to wonder later whether your access controls are actually working in production?
In the latest episode of the No Compromises podcast, we discuss why tools like Telescope and Horizon behave differently in local environments versus production, and why that inconsistency is a problem worth solving.
We make the case that developer convenience should never come at the cost of security confidence. If your gate logic cannot be exercised locally, you cannot truly trust it is protecting your production environment.
We also dig into how Aaron worked around the issue by overriding the package's service provider logic, and why Laravel has since made this easier to handle cleanly.
- (00:00) - Why local and production environments should match
(00:00) Why local and production environments should match
(01:42) How Telescope's gate logic behaves differently locally
(03:01) The risk of untestable access control logic
(07:53) How Aaron overrode the service provider to fix it
(10:23) Silly bit
Our courses took the production hits so your app doesn't have to.
View all episodes
By Joel Clermont and Aaron Saray
4.9
88 ratings
Ever installed a Laravel package locally and immediately accessed it, only to wonder later whether your access controls are actually working in production?
In the latest episode of the No Compromises podcast, we discuss why tools like Telescope and Horizon behave differently in local environments versus production, and why that inconsistency is a problem worth solving.
We make the case that developer convenience should never come at the cost of security confidence. If your gate logic cannot be exercised locally, you cannot truly trust it is protecting your production environment.
We also dig into how Aaron worked around the issue by overriding the package's service provider logic, and why Laravel has since made this easier to handle cleanly.
- (00:00) - Why local and production environments should match
(00:00) Why local and production environments should match
(01:42) How Telescope's gate logic behaves differently locally
(03:01) The risk of untestable access control logic
(07:53) How Aaron overrode the service provider to fix it
(10:23) Silly bit
Our courses took the production hits so your app doesn't have to.
More shows like No Compromises
View all
The Laravel Podcast
58 Listeners
Startups For the Rest of Us
701 Listeners
Darknet Diaries
8,077 Listeners
Notes On Work - by Caleb Porzio
18 Listeners
The Stack Overflow Podcast
63 Listeners
The Bootstrapped Founder
35 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
10,254 Listeners
Hard Fork
5,576 Listeners
Mostly Technical
27 Listeners