Dos and Don'ts of Demo Applications

Below are lists of practical things that should and should not be done when setting up a demo website for an application.


  1. Provide htaccess basic auth to Demos that are meant for a limited audience.
  2. Setup a cron job when reasonable to refresh your database regularly.
  3. Turn off all functionality that could expose e-mail functionality. Spammers will take advantage of your application and this will cause WebEnabled (if your application is hosted on one of our servers) and yourself trouble.
  4. Provide a page somewhere with reasonable instructions on what the users are allowed to do with your demo and how to use it.
  5. If possible and if you are providing the demo to anonymous users, then give then a video and screenshots as an alternative to a full application instance.


  1. Never provide shell access to your demo to any anonymous person. Web access only.
  2. Never provide admin functionality if possible or unless you want to demonstrate admin functionality.
  3. Never leave a demo running indefinitely. Demos should be checked on regularly and the database should be refreshed regularly. Do NOT provide any e-mail capabilities to anonymous users.