将 Laravel 项目文件保存在 public_html 中是否不安全? [英] Is it unsafe to keep a Laravel project files inside public_html?

问题描述

我在共享主机上的 public_html(即下一层)中有 3 个不同的 Laravel 项目.

I have 3 different laravel projects inside public_html (that is, one level below) on a shared hosting.

我将每个域/子域文档根路径更改为指向相应的项目/公共文件夹(即 public_html/project1/public)

I changed each domain/subdomain document root path to point to the respective project/public folder (i.e. public_html/project1/public)

此外，我将 Options -Indexes 语句放在我的 .htaccess 文件中，这样人们就无法直接浏览我的项目文件，并拒绝对 .env 文件的所有访问.

Additionally I put the Options -Indexes statement in my .htaccess files so people can't browse directly into my project files, and denied all access to .env files.

是否仍然存在执行此操作的漏洞?

Is there still a vulnerability doing this?

推荐答案

我假设当您提到 public_html 时，您正在使用类似 cpanel 的共享托管解决方案.在这些情况下，apache 托管配置和对相应文件夹的访问由托管提供商管理.这意味着您可以限制访问您的代码.通常，托管服务提供商会将 public_html 中的所有文件设为公开.

I assume that when you mention public_html, that you are using a cpanel like shared hosting solution. In these scenarios, the apache hosting configuration and access to respective folders is managed by the hosting provider. That means you have limited access to restrict access to your code. Typically the hosting provider makes all files in public_html public.

因此，如果我对您的设置的假设是正确的，那么您的问题的答案是:是的，这是不安全的.

So if my assumption on your setup is correct, the answer to your question is: Yes this is unsafe.

您可能还想知道:如何在共享托管服务器上安全地安装 Laravel?

您应该按照 laravel-news 中的说明进行操作.本文将向您展示如何提取应该公开的文件夹并更新您的配置以指向迁移到新位置的子文件夹.

You should follow the instructions from laravel-news. This article will show you how to pull out the folders that should be public and update your configuration to point to the sub folders that migrated to a new location.

希望这会有所帮助.

这篇关于将 Laravel 项目文件保存在 public_html 中是否不安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！