How to secure Laravel .env file and file permission?

Devnote team

July 7, 2020

One Min Read

3.9K Views

Laravel is the most popular PHP frameworks. .env file located at the root of the Laravel project stores all important information and credentials like database name, username, password, email configurations, and other env variables.

.env file Detail

This causes listing of database username, password and database name publically. You can search for db_password filetype:env on google to understand the effect of this vulnerability.

Check Site

You can check this to your site if https://devnote.in is the root of your Laravel project you can check via opening https://devnote.in/.env in the browser if you see any error that means your site is safe. or .env data view is vulnerability.

We can two way solution:

Solution via Permission
Solution via .htaccess

1. Solution via Permission

The best solution is to set the proper permission of the env file. To change permission via CPanel, open your file manager -> go to your project -> .env file right-click -> select Permission and set 440 or 400.

OR

You can also set permission via Command line : ubuntu@Ubunt:~/Desktop/devnote$ chmod 440 .env.

2. Solution via .htaccess

.htaccess contains superpower, you can set env file permission but blocking that file via .htaccess is very useful. add this code in the .htaccess file :

#.htaccess

#hide a specific file
<Files .env>
    Order allow, deny
    Deny from all
</Files>

Categories:

Laravel

Top 5 Free Online IDEs for Effortless Coding

Efficiently Searching an Element in an Array

How to Remove All Spaces from a String in Laravel: Ultimate Guide with Example

Top 9 Free Hosting Platforms for Your Website in 2024

The Art of Secure PHP Coding: Best Practices and Techniques