php - Prevent public access to env file -

-

i found laravel 5 may output sensitive data , can lead further exploitation of many hosts:

https://www.google.com/search?q=intext%3adb_password+ext%3aenv&gws_rd=ssl

i want know way secure .env file. can use below code in .htaccess file protect .env file browser view?

# protect .env <files .env> order allow,deny deny </files>

will above code in .htaccess work , protect .env file?

this isn't vulnerability, , isn't remotely issue provided installs laravel correctly - webroot public folder, not repository/project root.

the config files , .env file in laravel not contained in webroot, therefore need ensure webroot path/to/project/public.

the google query provided literally bunch of people didn't read documentation before installing laravel.


Comments

Post a Comment

Popular posts from this blog

swift - How to change text of a button with a segmented controller? -

-
i have button links view control. trying change text of button segmented control. using jared davidson tutorial on segmented controls changing text of labels . how change text of button? also, when attempted japanese characters, got error on line: "invalid character in source file". thank you! you can change button title japanese characters way: yourbutton.settitle("ボタンのタイトル", forstate: uicontrolstate.normal)
Read more

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops', ...
Read more

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null ...
Read more