Local and production should match even for Laravel tools

Developer convenience shouldn't cost you security confidence

Joel Clermont
2026-04-20

Have you ever installed a Laravel package like Telescope locally and immediately accessed it, only to wonder later whether your production access controls are actually working?

In the latest episode of the No Compromises podcast, Aaron and I discuss why tools like Telescope and Horizon behave differently in local versus production, and why that inconsistency is a problem worth solving.

We make the case that developer convenience should never come at the cost of security confidence. If your gate logic can't be exercised locally, you can't truly trust that it's protecting your production environment.

  • 00:00 Why local and production environments should match
  • 01:42 How Telescope's gate logic behaves differently locally
  • 03:01 The risk of untestable access control logic
  • 07:53 How Aaron overrode the service provider to fix it
  • 10:23 Silly bit

Listen Now (13 min)

And after listening, don't forget to subscribe to the podcast, so you don't miss future episodes.

Here to help,

Joel

P.S. If you want more Laravel security insights like this one, we've put together a free resource. Get our security book.
