更改文件夹结构以删除公用文件夹时,对Laravel 5的安全性有影响 [英] Affect on security of Laravel 5 when change folder structure to remove public folder
问题描述
我是Laravel 5的新手.
I'm new in Laravel 5.
我在堆栈溢出中找到了 Laravel 5-从URL删除公共从我的Laravel 5 App中删除公用文件夹.只有我对安全性有疑问.
I found this Laravel 5 - Remove public from URL on Stack Overflow to remove public folder from my Laravel 5 App. Only I have a question about the security.
当我从URL删除公共文件夹时,我必须更改Laravel 5的基本文件夹结构.是的,没有URL的公共文件夹也可以正常工作.
When I am removing public from URL, then I have to change the basic folder structure of Laravel 5. Yes, it's working fine without the public from the URL.
但是,由于我要更改默认文件夹结构,Laravel的安全性如何?使用安全吗?
But what's about the security of Laravel, because I am changing the default folder structure? Is it secure to use?
推荐答案
您应该将Apache主机根目录指向$LARAVEL_PATH/public
目录而不是$LARAVEL_PATH
.
You should be pointing your Apache host root to the $LARAVEL_PATH/public
directory instead of $LARAVEL_PATH
.
拥有www主机根目录而不是项目根目录的子目录的目的是,您不会通过Web服务器泄漏任何项目文件.
The point of having sub directory for www host root instead of project root is that you're not leaking any of your project files through your web server.
即使所有PHP文件都有文件后缀.php
,恶意用户也可以访问您的$LARAVEL_PATH/storage
目录及其子目录内容,读取您的composer.json
或package.json
来查找易受攻击的依赖项或读取.env
文件等
Even though all the PHP files have the file suffix .php
, malicious user can access your $LARAVEL_PATH/storage
directory and its subdirectory contents, read your composer.json
or package.json
to find vulnerable dependencies or read .env
file etc.
如果您正在共享主机上运行,并且具有必需的public_html
,请尝试在该public_html
目录之外安装Laravel,然后删除public_html(如果为空),并用符号链接替换为$LARAVEL_PATH/public OR if you want the Laravel instance to be subdirectory of
public_html , do the same but create symlink from
$ LARAVEL_PATH/public to
public_html/$ PROJECT_SUBDIR`.
If you're running on shared hosting and you have mandatory public_html
, try installing Laravel outside of that public_html
directory and either removing public_html (if empty) and replace it with symlink to $LARAVEL_PATH/public OR if you want the Laravel instance to be subdirectory of
public_html, do the same but create symlink from
$LARAVEL_PATH/publicto
public_html/$PROJECT_SUBDIR`.
存在该公共目录是出于使项目更安全的原因.解决实际问题,不要试图破坏这个简单但不错的安全性补充. :)
That public directory is there for reason to make project a bit more secure. Solve the actual problem and don't try to break this simple but nice security addition. :)
这篇关于更改文件夹结构以删除公用文件夹时,对Laravel 5的安全性有影响的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!