如何在Laravel 5.4中保护.env文件? [英] How to secure .env file in laravel 5.4?

问题描述

我正在使用laravel 5.4.而且我对.env和composer.json文件有问题.任何人都可以从任何浏览器访问，并且任何人都可以看到我的数据库凭据，因此请帮助我保护此文件.

I am Working with laravel 5.4. And i have problem with .env and composer.json file. Anyone can access from any browser and anyone can see my database credentials so please help me to protect this files.

推荐答案

请记住，将服务器配置为将公用文件夹视为文档根目录后，没有人可以查看该文件夹下一级的文件.您的.env文件以及整个应用程序都已受到保护. -这就是公用文件夹在那里的原因，安全性. -如果将文档根目录设置为公用文件夹，则在浏览器中只能看到的目录就是其中的文件夹，如样式和脚本.

Remember that once your server is configured to see the public folder as the document root, no one can view the files that one level down that folder, which means that your .env file is already protected, as well your entire application. - That is the reason the public folder is there, security. - The only directories that you can see in your browser if you set the document root to the public folder is the folders that are there, like the styles and scripts.

您可以进行如下测试:

使用终端输入您的项目目录，然后单击以下命令:

Enter in your project directory with the terminal and hit this:

php -t public -S 127.0.0.1:80

-t表示文档根目录，PHP内置的Web服务器将其中的解释器解释为文档根目录. -参见波纹管:

The -t means the document root, where the PHP built-in web server will interpreter as the document root. - see bellow:

-t <docroot> Specify document root <docroot> for built-in web server.

现在尝试访问.env文件，您会看到将获得404表示找不到资源.

Now try to access the .env file, and you will see that you will get a 404 that the resource as not found.

当然，这只是一个例子，您需要配置服务器以执行相同的操作.

Of course it's just an example, you will need to configure your sever to do the same.

这篇关于如何在Laravel 5.4中保护.env文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！