Is it unsafe to keep a Laravel project files inside public_html?

别说谁变了你拦得住时间么 提交于 2021-02-19 04:33:27

问题


I have 3 different laravel projects inside public_html (that is, one level below) on a shared hosting.

I changed each domain/subdomain document root path to point to the respective project/public folder (i.e. public_html/project1/public)

Additionally I put the Options -Indexes statement in my .htaccess files so people can't browse directly into my project files, and denied all access to .env files.

Is there still a vulnerability doing this?


回答1:


I assume that when you mention public_html, that you are using a cpanel like shared hosting solution. In these scenarios, the apache hosting configuration and access to respective folders is managed by the hosting provider. That means you have limited access to restrict access to your code. Typically the hosting provider makes all files in public_html public.

So if my assumption on your setup is correct, the answer to your question is: Yes this is unsafe.

You may also want to know: How can someone install laravel safely on a shared hosting server?

You should follow the instructions from laravel-news. This article will show you how to pull out the folders that should be public and update your configuration to point to the sub folders that migrated to a new location.

Hope this helps.




回答2:


You shouldn't ever keep the application source files in a publicly accessible location. That is the entire point of having a public directory in the first place, to restrict what can be accessed.



来源:https://stackoverflow.com/questions/48361840/is-it-unsafe-to-keep-a-laravel-project-files-inside-public-html

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!