This is admittedly more of a theoretical exercise.

Thought so.

I was thinking about a subdomain that isn’t indexed and requires login.

That’s what I usually do.

And I use htpasswd, so it doesn’t rely on the application for authentication.

Is it really an unchecked gateway though?

Well, I wasn’t quite sure of the context of your question. If there were multiple people authorized to pull in changes, or if all commits were pushed to the server automatically (even if it was to a dev repo and not the live site), then it wouldn’t be a risk I would take.

And, at the end of the day, if you auto-push from GitHub, then an attacker doesn’t need your SSH keys: just to break into your account. It could conceivably bring your last line of defense down to the level of session hijacking.

I would make a copy of your release server or set up a VM on my home network and get some IP addresses from my ISP to link with my test domain name.

I don’t think this level of effort is necessary. As long as your dev environment is reasonably similar to your live environment, you should be fine. And you certainly don’t need to buy extra IPs (just edit your hosts file, or run a local nameserver).

The main reason I put an actual dev site on the server (as opposed to “just” a repo) is because it is an opportunity to do last-minute testing in a known identical environment.

