Skip to main content

Laravel: How to protect .env files?

.env files:
If you develop your applications using Laravel, you probably use .env files every day in your development life. We use these files to store the most secret information of our application. Be it database credentials, the application key or any third-party service credentials.


So simply put: We do not want anyone to get access to these files!

But the truth is: quite a few .env files are accessible. And I don’t mean that they are accessible by some hackers, but by Google.

To search for public .env files, all you need to do is google for one of these terms:

DB_USERNAME filetype:env
DB_PASSWORD filetype:env
APP_DEBUG filetype:env

Secure your .env files
The reason that these .env files are accessible and also get scraped is because of two things:

Misconfigured shared hosting
The .env file has the wrong access rights
Shared hosting
If you use shared hosting, please make sure that the root folder of your Laravel application is not accessible from the outside.

Only “public” folder should be accessible from the webserver. If you cannot modify these settings on a shared hosting system, move to a VPS now.

Wrong .env access rights
Another possible issue could be, that your .env file simply has the wrong access rights.

Set the CHMOD of your .env file to 400 or 440 so that it cannot be accessed by public users.

These should all be quite obvious things, that you usually do not have to deal with — but since it comes up on Google, I thought it will be worth talking about this.

Comments

Post a Comment

Popular posts from this blog

Why Prestashop is the best eCommerce platform?

Why Prestashop is the best eCommerce  platform? E-commerce is the current buzzword in the online world. Every business owner desires to have online eCommerce website to reach many people and get more sales. Prestashop is the one of the best eCommerce solution for the best eCommerce site because of its feature. Free, Open-source Prestashop is totally free to download, You don't need to pay for using it. Supports whenever you need them. Best part of this is you don't need to search for the required documentation as these are available on the website of Prestashop. Easy to Install  And Smart Back-End Prestashop scores very high in the segment of usability. The installation is very easy and the installation requires very little technical skills. PrestaShop helps you to run your store in a manner that proves beneficial for you. It is highly impressive and it is even integrated with all the major carriers such as UPS, FedEx and USPS. Also, the backend dashboard o...
Post a Comment
Read more

10 Digital Marketing Tips for Small Business Owners

Online Marketing is plays an important role for any small business hoping to stay competitive . But what online marketing tactics should you focus on in your limited time is a busy entrepreneur? Here are 10 necessary digital marketing tips for all small business owners. 1. Starts with Your Website Make sure you have an updated, responsive and attractive website that is easy for users to negative across all devices and has a modern and clean design wit not more than two or three colour theme. 2. Don’t Forget the Basics Include necessary information customers want to know- your business address, phone number, E-mail address, hours of operations, etc. - on your website where visitors can find them right away. You’d be surprised how many businesses forget to list this info. 3. Think Local If your business targets local customers, claim your listings on local search directories, such as Google My Business and Bing places for business. They are free and help ensure th...
Post a Comment
Read more

Latest PHP web development trends

1) Faster and leaner PHP 7 - PHP 7 looks familiar for developers, but it is especially focused on high performance. - Experts predict the growth of PHP 7 adoption rate, and they have several reasons for verifying such forecast.  - Using PHP 7 the performance of applications has gained up twice comparing with older versions.  - RAM consumption was decreased by 50% during the request processing in PHP 7. - Previously there are many errors which are reason of application stop working now those can be processed as exceptions - The most popular CMS and frameworks such as WordPress, Magento and Symfony ready for PHP 7. - All these changes of PHP 7 increase application speed and reduce resources needs. 2) Market forecast - Experts predict that by 2025 half of American enterprises are expected to run more than 10 applications. - Though PHP cannot be the best choice for any web solutions, it is still holding the lead positions in the development of tech startups...
Post a Comment
Read more