I am building a web application for a client. I want to host it publicly at a spare domain, so they can access it and review it as it progresses. I want it to be as close as possible to how they will experience it when it goes live on their real domain.
The application is built in Laravel, and most of the pages require a login, so are automatically protected. There are some, however, which are publicly available. I'll obviously set a robots.txt to discourage indexing by search engines, but that's not infallible as we know.
What options are there for providing access to my customer in a secure way? Here's my list so far:
- Implement HTTP Basic Auth for routes that are not already protected. But application-level auth is already complex enough (with RBAC, etc), so I would rather not.
- Modify .htaccess to allow IP addresses only from their work network. They have a mobile workforce though, so this is not a great solution.
- Setup a VPN. This is not my sweet spot, and seems like a lot of work.
- Give them access to start/stop the virtual host, or put the application in development mode. This would mean their team members would have to coordinate their test sessions, which would be too restrictive.
What other options are there?
Aucun commentaire:
Enregistrer un commentaire