英文:
Is denying the .env file via htaccess enough for laravel application security?
问题
- 通过htaccess拒绝.env文件对应用程序安全足够吗?
- 我是否必须在与public_html相同的目录级别安装应用程序,我是否必须创建符号链接?
谢谢!
英文:
In shared hosting, I installed all laravel application files in the root folder (public_html). But also I deny the .env file via htaccess.
- So is denying the .env file via htaccess enough for application security?
- Do I have to install the app at the same directory level of public_html and do i have to create a symlink?
Thanks!
答案1
得分: 0
这样通过htaccess拒绝.env文件是否足以保障应用程序安全?
不足够。
以下是这种方法不足够的示例:
- 某人可能会访问诸如
storage/logs/laravel.log
之类的文件,并查看可能包含敏感信息的内容。 - 在服务器上配置错误/破坏PHP将允许用户以纯文本形式浏览您的PHP文件,从而可能揭示您整个的源代码。
英文:
> So is denying the .env file via htaccess enough for application security?
No.
Examples of where this would not be sufficient:
- Someone could access files like
storage/logs/laravel.log
and see potentially sensitive information. - Misconfiguring/breaking PHP on the server would permit users to browse your PHP files as plain text, potentially revealing the entirety of your source code.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论