Support the ongoing development of Laravel.io →
Installation Configuration Security
Last updated 5 months ago.
0

If your php service is not running for some reason someone could browse to your config files and get the contents.

Last updated 5 months ago.
0

hettiger said:

If your php service is not running for some reason someone could browse to your config files and get the contents.

Thanks! How common is that issue? I don't think I've ever seen that happen, but that would be pretty serious if it did.

Last updated 5 months ago.
0

Usually it happens when your host is upgrading php, apache, some other web service. The odds are pretty low but it's not worth the risk. There is at least 1 file floating around from an old Facebook codebase when one of their servers was configured wrong and downloaded the file instead showing it normally.

Many hosts that I have dealt with do allow you to place files outside the public_html / httpdocs folders. I wonder if this is a common misconception? I'm sure there are some that don't but most do.

Last updated 5 months ago.
0

kreitje said:

Usually it happens when your host is upgrading php, apache, some other web service. The odds are pretty low but it's not worth the risk. There is at least 1 file floating around from an old Facebook codebase when one of their servers was configured wrong and downloaded the file instead showing it normally.

Many hosts that I have dealt with do allow you to place files outside the public_html / httpdocs folders. I wonder if this is a common misconception? I'm sure there are some that don't but most do.

We had a recent client whose deployment configuration would not have allowed Laravel to be deployed as is. So I looked into how we can move those files around and figured it out pretty quickly, but I want to make sure I understand the risks. All of this is great info, thanks!

Last updated 5 months ago.
0

Sign in to participate in this thread!

LaraJobs

Your banner here too?

abogartz abogartz Joined 20 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2022 Laravel.io - All rights reserved.