Why .env file can be accessible via domain.

Posted 10 months ago by Aravindh

Hi Everyone i have a doubt, why laravel allowing to read the env file via domain. For example, i rooted my domain to laravel application. whenever i hit my domain in the browser it will load the app right. But in case i hit mydomain.com/.env, it will return my env. I know we can hide it. But priorly it should be hidden. This will show our connectivity credentials.

Please sign in or create an account to participate in this conversation.