If your php service is not running for some reason someone could browse to your config files and get the contents.
hettiger said:
If your php service is not running for some reason someone could browse to your config files and get the contents.
Thanks! How common is that issue? I don't think I've ever seen that happen, but that would be pretty serious if it did.
Usually it happens when your host is upgrading php, apache, some other web service. The odds are pretty low but it's not worth the risk. There is at least 1 file floating around from an old Facebook codebase when one of their servers was configured wrong and downloaded the file instead showing it normally.
Many hosts that I have dealt with do allow you to place files outside the public_html / httpdocs folders. I wonder if this is a common misconception? I'm sure there are some that don't but most do.
kreitje said:
Usually it happens when your host is upgrading php, apache, some other web service. The odds are pretty low but it's not worth the risk. There is at least 1 file floating around from an old Facebook codebase when one of their servers was configured wrong and downloaded the file instead showing it normally.
Many hosts that I have dealt with do allow you to place files outside the public_html / httpdocs folders. I wonder if this is a common misconception? I'm sure there are some that don't but most do.
We had a recent client whose deployment configuration would not have allowed Laravel to be deployed as is. So I looked into how we can move those files around and figured it out pretty quickly, but I want to make sure I understand the risks. All of this is great info, thanks!
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast