There were some controllers in my application which weren’t secure enough to deploy to the public — i.e., the authentication mechanisms weren’t ready.
As a means to block the controllers quickly, I removed the routes for them. Now, no route leads to them.
Is removing its route an efficient way to block access to a controller?
In other words, is there another way for a malicious user to get to a controller if the route for it has been disabled?
Yes, but you should also check if there are any kinds of catch-all routes in your routes file. Examples of this would be:
If you don’t have anything like this, you are probably safe now.
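One way to run the check the answer describes, as an added example that is not part of the original answer. It assumes a Rails-style routes file; the two patterns and the sample routes are constructed for illustration, and `catch_all_routes` is a hypothetical helper name.

```ruby
# Added example: flag route definitions that can still dispatch a request to a
# controller whose explicit routes were removed.
# Assumption: the routes file uses the Rails routing DSL.

CATCH_ALL_PATTERNS = {
  # A :controller segment lets the URL itself pick the controller class.
  dynamic_controller: /['"][^'"]*:controller\b[^'"]*['"]/,
  # A glob segment (*name) matches whatever is left of the URL.
  glob_segment: /['"][^'"]*\*\w+[^'"]*['"]/
}.freeze

# Returns one finding per matching line: { line:, kind:, text: }.
def catch_all_routes(source)
  findings = []
  source.each_line.with_index(1) do |line, number|
    next if line.strip.start_with?('#') # commented-out routes are inactive
    CATCH_ALL_PATTERNS.each do |kind, pattern|
      next unless line =~ pattern
      findings << { line: number, kind: kind, text: line.strip }
    end
  end
  findings
end

# Constructed sample: the route for a blocked controller is commented out,
# but two catch-all definitions remain below it.
SAMPLE_ROUTES = <<~'ROUTES'
  Rails.application.routes.draw do
    resources :articles
    # resources :reports   (removed to block ReportsController)
    match ':controller(/:action(/:id))', via: :get
    get '*path', to: 'pages#show'
  end
ROUTES

if __FILE__ == $PROGRAM_NAME
  catch_all_routes(SAMPLE_ROUTES).each do |f|
    puts "line #{f[:line]}: #{f[:kind]}: #{f[:text]}"
  end
end
```

A `:controller` finding means the removed controller is still reachable by name; a glob finding means requests still land somewhere, so the target action needs review.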