如何使用文件权限保护laravel中的.env文件? [英] How to secure .env file in laravel using file permission?

问题描述

具有所有凭据的我的env文件可以通过URL访问. 我发现了一些问题，例如如何在laravel中保护.env文件5.4?表示使用htaccess阻止用户访问文件.

My env file which has all the credentials is accessible through URL. I found a few questions like How to secure .env file in laravel 5.4? which says to use htaccess to prevent users from accessing the file.

但是我更喜欢使用文件权限，因此我将权限更改为仅执行的0111，但是我发现内部文件也无法访问该文件，所以我的问题是什么是正确的权限.

But I prefer using file permission so I changed permission to 0111 which is execute only but I found that the file is not accessible by the internal files as well so my question is what is the right permission.

出于安全目的而依赖文件许可是否可以.

And is it fine to depend on file permission for security purpose.

推荐答案

我希望它对您有用.

将此代码添加到.htaccess文件中

add this code in .htaccess file

<Files .env>
  Order allow,deny
    Deny from all
</Files>

这篇关于如何使用文件权限保护laravel中的.env文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！