Question:

Is there a way to gatekeep laravel tinker

Name: Sam
Score: 0
I was wondering if it was possible to extend or replace the php artisan tinker command so it first asks for authentication as a way to gatekeep who can use it. I tried the following: But I get an error because I have not included the 'include' parameter used by TinkerCommand@handle. I'm not sure what the include argument is about. I tried dumping it and it's an empty array. At this point I'm wondering if there's a better way.
Tags: php
Answers:
Name: Miken
Score: 0

If a user is able to run php artisan tinker, he is also able to:

  • See the source code of your project. He probably can edit it too, but it may not be the case with proper file permissions

  • See your .env, containing your database credentials and other sensitive information such as API keys

I'm not sure it is actually useful to restrict access inside tinker to a user that already has so many privileges and possibilities. He could edit your database users table to grant access to a user controlled by himself for example, or he could edit the source code to allow access.

Here is a little visualization of the problem:


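The answer above puts the real gate at the operating-system account, so the check worth running is on file permissions rather than inside tinker. The script below is an added example, not part of the thread: it lists which non-owner permission classes can read `.env` or edit the source. The function names, finding labels and fixture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports which non-owner permission
# classes can reach what the answer names: the .env secrets and the source.
# Output is one "<finding> <path>" per line; no output means nothing found.

audit_project() {
    root=$1
    [ -f "$root/artisan" ] || { echo "not-a-laravel-root $root"; return 2; }

    # Anyone who can read .env already holds what tinker would show them.
    if [ -f "$root/.env" ]; then
        find "$root/.env" -perm -004 -exec echo "env-world-readable" {} \;
        find "$root/.env" -perm -040 -exec echo "env-group-readable" {} \;
    fi

    # A source file writable by group/other lets that account edit out
    # any authentication prompt placed in front of tinker.
    for p in artisan app config routes; do
        [ -e "$root/$p" ] || continue
        find "$root/$p" -type f \( -perm -020 -o -perm -002 \) \
            -exec echo "code-writable-by-non-owner" {} \;
    done
    return 0
}

# Constructed fixture (empty files, deliberately weak modes), not a real app.
make_sample_project() {
    d=$(mktemp -d)
    mkdir -p "$d/app/Models" "$d/config"
    : > "$d/artisan"; : > "$d/.env"
    : > "$d/app/Models/User.php"; : > "$d/config/app.php"
    chmod 644 "$d/.env"                  # weak: every local account can read it
    chmod 664 "$d/app/Models/User.php"   # weak: group members can edit code
    chmod 640 "$d/artisan" "$d/config/app.php"
    echo "$d"
}

# Stand-alone use: ./audit.sh --demo   or   ./audit.sh /path/to/app
if [ "${1:-}" = "--demo" ]; then
    proj=$(make_sample_project); audit_project "$proj"; rm -rf "$proj"
elif [ -n "${1:-}" ]; then
    audit_project "$1"
fi
```

Directories such as `storage` and `bootstrap/cache` are left out because the web server normally needs to write there.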