如何在 Laravel 5.4 中保护 .env 文件?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/44542753/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to secure .env file in laravel 5.4?
提问by Nileshsinh Rathod
I am Working with laravel 5.4. And i have problem with .env and composer.json file. Anyone can access from any browser and anyone can see my database credentials so please help me to protect this files.
我正在使用 laravel 5.4。我有 .env 和 composer.json 文件的问题。任何人都可以从任何浏览器访问,任何人都可以看到我的数据库凭据,所以请帮助我保护这些文件。
回答by sunilwananje
you can add following code to your .htaccess (make sure your .htaccess file should be in root folder not in public)file to deny the permission of .env file
您可以将以下代码添加到您的 .htaccess(确保您的 .htaccess 文件应该在根文件夹中而不是公共文件夹中)文件以拒绝 .env 文件的权限
<FilesMatch "^\.env">
Order allow,deny
Deny from all
</FilesMatch>
回答by Pankaj Makwana
Simply you add below code to your .htaccess file to set permission of .env and composer.json file.
只需将以下代码添加到 .htaccess 文件中即可设置 .env 和 composer.json 文件的权限。
<Files .env>
Order allow,deny
Deny from all
</Files>
<Files composer.json>
Order allow,deny
Deny from all
</Files>
And below line for disabling directory browsing
下面是禁用目录浏览的行
Options All -Indexes
回答by Rahul
Remember that once your server is configured to see the public folder as the document root, no one can view the files that one level down that folder, which means that your .envfile is already protected, as well your entire application. - That is the reason the public folder is there, security. - The only directories that you can see in your browser if you set the document root to the public folder is the folders that are there, like the styles and scripts.
请记住,一旦您的服务器配置为将公共文件夹视为文档根目录,就没有人可以查看该文件夹下一级的文件,这意味着您的.env文件以及整个应用程序都已受到保护。- 这就是公共文件夹存在的原因,安全性。- 如果将文档根目录设置为公共文件夹,您可以在浏览器中看到的唯一目录是那里的文件夹,例如样式和脚本。
You can make a test like this:
您可以进行这样的测试:
Enter in your project directory with the terminal and hit this:
使用终端输入您的项目目录并点击:
php -t public -S 127.0.0.1:80
The -t means the document root, where the PHP built-in web server will interpreter as the document root. - see bellow:
-t 表示文档根目录,PHP 内置 Web 服务器将在这里解释为文档根目录。- 见下文:
-t <docroot> Specify document root <docroot> for built-in web server.
Now try to access the .envfile, and you will see that you will get a 404 that the resource as not found.
现在尝试访问该.env文件,您将看到您将收到一个 404,表示未找到该资源。
Of course it's just an example, you will need to configure your sever to do the same.
当然这只是一个例子,你需要配置你的服务器来做同样的事情。
回答by Jerodev
Nobody can view these files via the browser because the root of your website is located at /publicand the composer.jsonand .envfiles are outside of this scope.
没有人可以通过浏览器查看这些文件,因为您网站的根目录位于/public并且composer.json和.env文件不在此范围内。
The only way to view these files is actually connecting to the web server and going to the corresponding folder.
查看这些文件的唯一方法实际上是连接到 Web 服务器并转到相应的文件夹。
回答by Alex Mac
Make sure it is on your .gitignore and you create it locally on your server.
确保它在您的 .gitignore 上,并在您的服务器上本地创建它。
![Laravel 5 - SQLSTATE[HY000][1045] 用户 'root'@'localhost' 访问被拒绝(使用密码:NO)](/res/img/loading.gif)