拒绝通过htaccess文件访问.env文件对Laravel应用程序安全是否足够?

huangapple go评论71阅读模式
英文:

Is denying the .env file via htaccess enough for laravel application security?

问题

  1. 通过htaccess拒绝.env文件对应用程序安全足够吗?
  2. 我是否必须在与public_html相同的目录级别安装应用程序,我是否必须创建符号链接?

谢谢!

英文:

In shared hosting, I installed all laravel application files in the root folder (public_html). But also I deny the .env file via htaccess.

  1. So is denying the .env file via htaccess enough for application security?
  2. Do I have to install the app at the same directory level of public_html and do i have to create a symlink?

Thanks!

答案1

得分: 0

这样通过htaccess拒绝.env文件是否足以保障应用程序安全?

不足够。

以下是这种方法不足够的示例:

  • 某人可能会访问诸如storage/logs/laravel.log之类的文件,并查看可能包含敏感信息的内容。
  • 在服务器上配置错误/破坏PHP将允许用户以纯文本形式浏览您的PHP文件,从而可能揭示您整个的源代码。
英文:

> So is denying the .env file via htaccess enough for application security?

No.

Examples of where this would not be sufficient:

  • Someone could access files like storage/logs/laravel.log and see potentially sensitive information.
  • Misconfiguring/breaking PHP on the server would permit users to browse your PHP files as plain text, potentially revealing the entirety of your source code.

huangapple
  • 本文由 发表于 2023年2月18日 23:17:34
  • 转载请务必保留本文链接:https://go.coder-hub.com/75494296.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定