Menu
I just found that Laravel 5 may output sensitive data and can lead to further exploitation of many hosts:
https://www.google.com/search?q=intext%3ADB_PASSWORD+ext%3Aenv&gws_rd=ssl
I want to know the way to secure my .env file. Can I use below code in .htaccess file to protect my .env file from browser view?
# Protect .env
<Files .env>
Order Allow,Deny
Deny from all
</Files>
Will my above code in .htaccess work and protect my .env file?
210
This isn't a vulnerability, and isn't even remotely an issue provided someone installs Laravel correctly - the webroot is the public folder, not the repository/project root.
The config files and .env file in laravel are not contained in the webroot, therefore you only need to ensure your webroot is path/to/project/public.
The google query you provided is literally just a bunch of people who didn't read the documentation before installing Laravel.
156
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
