Why .env file can be accessible via domain.

Posted 8 months ago by Aravindh

Hi Everyone i have a doubt, why laravel allowing to read the env file via domain. For example, i rooted my domain to laravel application. whenever i hit my domain in the browser it will load the app right. But in case i hit mydomain.com/.env, it will return my env. I know we can hide it. But priorly it should be hidden. This will show our connectivity credentials.

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.