> Which means that if I (or any joker poking at your site to see if they > can do something) who requests your site by its IP address could set > your production server into dev mode.
Not necessisarily, that would depend on how the web server was set to handle requests. One of my application has a similar setup and IIS will only pass the request to the application if the IP and hostname bindings are correct. If you made a request on the IP itself you'd just get a 301 response with a redirect to the main URL. Of course, if you knew the dev URL you could get into the application in development mode (also assuming you had proper credentials), but you couldn't put the live application into dev mode just by tweaking the HTTP request. -Justin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343371 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm