by barylen 4505 days ago
Your dev server shouldn't be accessible to the public. If you want a server to be accessible to the public that isn't your production server (which is valid), you should be doing things as similar to production as possible (not running tests on it).

Thanks barylen for the response! Totally get what you're saying, could you expand a bit on why?

I agree with barylen. Dev should never be visible. For the general reason that the default is "hidden". You make specific exceptions for the small number of things you want people to see.

There are a lot of reasons for that, but for me the two big reasons are good user experience and good security. You get a good user experience by carefully controlling what people see and making sure that's polished. You don't want to have to think about them stumbling across things that aren't for them. And good security requires minimal attack surface. You don't give naughty people anything to abuse that you don't have to.

That all stands to reason, thanks for the input wpietri.