3 Ways to Protect your .env File in Laravel

In this article I explain about how to and Why to protect .env file in your Laravel Project. .env file is located in your Laravel Project Root Folder.

Why to Protect .env File

.env is used to store the most secret information of our Laravel application such as database credentials, application key, Mailer Credentials or any third-party service credentials and more..

If we can’t Protect our application .env File, they listed in google search publicly. So, hackers to get our secret information without any effort.

you can check in google search using following Words

DB_USERNAME filetype:env
APP_DEBUG filetype:env
DB_PASSWORD filetype:env

How to Secure .env File

1. If you host your Application in shared hosting please make sure that the root folder of your Laravel application is not accessible from the outside.

2. Change your .env File Permision to 400 or 440. so that file can not be accessed by public users.

3. Another way you add below code to your .htaccess file to set permission of .env file.

.htaccess

<Files .env>
Order allow,deny
Deny from all
</Files>

 

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *