更改文件夹结构以删除公用文件夹时，对Laravel 5的安全性有影响 [英] Affect on security of Laravel 5 when change folder structure to remove public folder

问题描述

我是Laravel 5的新手.

I'm new in Laravel 5.

我在堆栈溢出中找到了 Laravel 5-从URL删除公共从我的Laravel 5 App中删除公用文件夹.只有我对安全性有疑问.

I found this Laravel 5 - Remove public from URL on Stack Overflow to remove public folder from my Laravel 5 App. Only I have a question about the security.

当我从URL删除公共文件夹时，我必须更改Laravel 5的基本文件夹结构.是的，没有URL的公共文件夹也可以正常工作.

When I am removing public from URL, then I have to change the basic folder structure of Laravel 5. Yes, it's working fine without the public from the URL.

但是，由于我要更改默认文件夹结构，Laravel的安全性如何?使用安全吗?

But what's about the security of Laravel, because I am changing the default folder structure? Is it secure to use?

推荐答案

您应该将Apache主机根目录指向$LARAVEL_PATH/public目录而不是$LARAVEL_PATH.

You should be pointing your Apache host root to the $LARAVEL_PATH/public directory instead of $LARAVEL_PATH.

拥有www主机根目录而不是项目根目录的子目录的目的是，您不会通过Web服务器泄漏任何项目文件.

The point of having sub directory for www host root instead of project root is that you're not leaking any of your project files through your web server.

即使所有PHP文件都有文件后缀.php，恶意用户也可以访问您的$LARAVEL_PATH/storage目录及其子目录内容，读取您的composer.json或package.json来查找易受攻击的依赖项或读取.env文件等

Even though all the PHP files have the file suffix .php, malicious user can access your $LARAVEL_PATH/storagedirectory and its subdirectory contents, read your composer.json or package.json to find vulnerable dependencies or read .env file etc.

如果您正在共享主机上运行，​​并且具有必需的public_html，请尝试在该public_html目录之外安装Laravel，然后删除public_html(如果为空)，并用符号链接替换为$LARAVEL_PATH/public OR if you want the Laravel instance to be subdirectory of public_html , do the same but create symlink from $ LARAVEL_PATH/public to public_html/$ PROJECT_SUBDIR`.

If you're running on shared hosting and you have mandatory public_html, try installing Laravel outside of that public_html directory and either removing public_html (if empty) and replace it with symlink to $LARAVEL_PATH/public OR if you want the Laravel instance to be subdirectory ofpublic_html, do the same but create symlink from$LARAVEL_PATH/publictopublic_html/$PROJECT_SUBDIR`.

存在该公共目录是出于使项目更安全的原因.解决实际问题，不要试图破坏这个简单但不错的安全性补充. :)

That public directory is there for reason to make project a bit more secure. Solve the actual problem and don't try to break this simple but nice security addition. :)

这篇关于更改文件夹结构以删除公用文件夹时，对Laravel 5的安全性有影响的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！