2

Magerun has tons of great features. It would be super easy to test and verify production setup using magerun as well as accomplish many other tasks like reindexing, database backup and so on.

Is there any reason we should not install or use it on production?

Does it open any security risk for production?

Are there any specific functionalities of Magerun that we should avoid using on production?

Raphael at Digital Pianism
  • 70,385
  • 34
  • 188
  • 352
codelogn
  • 521
  • 2
  • 5
  • 14
  • I didnt use it before but; taking a look at their github : https://github.com/netz98/n98-magerun repo, it is really active, Magento functionality mainly is being called through the ORM, which is also a good thing. I can see issues reported but also a lot of feature requests. their site also shows that they are a very professional firm. About security, at the end it is a command tool, so it should be only accessible for sysadmins/devops and mainly with this tool or any other ones you should be careful of what you can apply to your production, by at least having a staging enviroment to test on. – Rabea Sep 28 '15 at 16:38

2 Answers2

3

One quick tip: It's possible to disable commands on production systems. This prevents the headless usage.

Add this to your global system config on the server.

commands:
  disabled:
    - N98\Magento\Command\Database\DropCommand

The config can be placed i.e. here: /etc/n98-magerun.yaml

cmuench
  • 914
  • 6
  • 9
2

Magerun can absolutely be used in production. In fact we use it as part of our daily workflow.

It is updated all the time with new features and has quite a big following. It is also easy to write your own feature set for it as well.

There are no security issues as far as i am aware. It can only be run on the command line and if someone could do that then they would have access to your box anyway.

It uses the configuration data inside your Magento installation so doesn't store any other configuration.

Some commands could be considered dangerous. It is possible to uninstall a magento using magerun which would also empty your database but you would have to type that specifically. Just be aware of what each command does before you run it.

As a side note, it is also a great tool to aid automation with Magento.

Smartie
  • 3,240
  • 1
  • 12
  • 29