Version 4 supported
This version of Silverstripe CMS is still supported though will not receive any additional features. Go to documentation for the most recent stable version.

Environment types

Silverstripe CMS knows three different environment types (or "modes"). Each of the modes gives you different tools and behaviors. The environment is managed by the SS_ENVIRONMENT_TYPE variable through an environment configuration file. The three environment types you can set are dev, test and live.

Dev

When developing your websites, adding page types or installing modules you should run your site in dev. In this mode you will see full error back traces and view the development tools without having to be logged in as an administrator user.

dev mode should not be enabled long term on live sites for security reasons. In dev mode by outputting back traces of function calls a hacker can gain information about your environment (including passwords) so you should use dev mode on a public server very carefully.

Test mode

Test mode is designed for staging environments or other private collaboration sites before deploying a site live.

In this mode error messages are hidden from the user and Silverstripe CMS includes BasicAuth integration if you want to password protect the site. You can enable that by adding this to your app/_config/app.yml file:

---
Only:
  environment: 'test'
---
SilverStripe\Security\BasicAuth:
  entire_site_protected: true

The default password protection in this mode (Basic Auth) is an oudated security measure which passes credentials without encryption over the network. It is considered insecure unless this connection itself is secured (via HTTPS). It also doesn't prevent access to web requests which aren't handled via Silverstripe CMS (e.g. published assets). Consider using additional authentication and authorisation measures to secure access (e.g. IP whitelists).

When using CGI/FastCGI with Apache, you will have to add the RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] rewrite rule to your .htaccess file

Live mode

All error messages are suppressed from the user and the application is in it's most secure state.

Live sites should always run in live mode. You should not run production websites in dev mode.

Checking environment type

You can check for the current environment type in config files through the environment variant.

# app/_config/app.yml
---
Only:
  environment: 'live'
---
MyClass:
  myvar: live_value
---
Only:
  environment: 'test'
---
MyClass:
  myvar: test_value

Checking for what environment you're running in can also be done in PHP. Your application code may disable or enable certain functionality depending on the environment type.

use SilverStripe\Control\Director;

if (Director::isLive()) {
    // is in live
} elseif (Director::isTest()) {
    // is in test mode
} elseif (Director::isDev()) {
    // is in dev mode
}

Related lessons