Is it safe to use a secret subdomain for the dev version of a project?

A

Alexander2019-08-25 23:53:11

Domain Name System

Alexander, 2019-08-25 23:53:11

I'm developing a project and keep the dev version on spec. subdomain with http-auth access.
I want to set up pwa, but http-auth gets in the way. Would it be safe to use some secret non-obvious subdomain and disable http-auth? Can someone find this subdomain?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

P

PrAw, 2019-08-26
@LordGuard

In the general case, the secret domain is not secure, you can stupidly brute force come across. Plus, search engines have noticed that through the monitoring tools built into browsers, they monitor access to new sites and quietly add them to the search index.
And the DEV version usually suffers from a huge amount of debug information, so it is desirable to secure it.
If authorization interferes with something, then you can simply block access by means of the web server not from the developer's IP addresses (.htaccess, nginx.conf), or organize cookies that will be checked before content is served.