
silverreve23's avatar

Symlinks in project

Hi guys. Let's consider the topic of allowing a server to create symbolic links. What do you think about security?

0 likes
8 replies
bobbybouwmann's avatar

You need to make sure only the same user has access to your symlinked directory. This way there is no difference for security. Also, make sure you don't put this symlink directory just in a directory that is exposed to the web like the public directory. You can do it with images that are publicly available, but with uploaded files, you really don't want this!

1 like
silverreve23's avatar

Yes, but it does allow the attacker access to the entire system!

Sinnbeck's avatar

Well that totally depends on what you do. If you allow the user to specify what should be symlinked to what, then yes they can get access to the whole system.

If you only symlink things in storage to things in public that would be safer. If you only symlink things that aren't public, you are even safer.

If you tell us exactly what you plan to symlink, we can help you better.

silverreve23's avatar

I am a site developer and have allowed the server to route through symbolic links. For example: In the public/ directory I created a symbolic link to the storage/ folder. At the time: A hacker somehow found a hole in the site and created a symbolic link on /etc/sudoers!

Sinnbeck's avatar

There can be a lot of reasons why it happened. Perhaps the hacker was able to upload a php file or some other form of infected file due to missing validation. Perhaps the server was not updated with security patches. Some unsafe package was used that gave access to the file system.

silverreve23's avatar

Yes, so I think that permission to a symbolic link is quite dangerous! I believe that one of the solutions is to configure a server with access only to a specific symbolic link!

Sinnbeck's avatar

Can you explain your reasoning?

Also curious. Did the www user have permission to anything else than the laravel folder (it shouldn't)? Making a symlink to the sudoers file should not be possible for a user with no rights.

silverreve23's avatar

Making a symlink to the sudoers file, for example in the public directory
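
A defensive audit for the situation discussed in this thread, added here as an example and not written by any of the posters: it lists symlinks under the web root and under the linked storage directory whose resolved target leaves the allowed storage tree. The function name and the Laravel-style paths in the usage comment are assumptions, and `readlink -f` must be available.

```shell
#!/bin/sh
# Added example: audit symlinks reachable from a web root.
# Usage (paths are assumptions for a Laravel-style layout):
#   audit_symlinks /var/www/app/public /var/www/app/storage/app/public
# Prints one line per offending link and returns 1 if any were found,
# 0 if every link stays inside the allowed tree, 2 on a bad argument.
audit_symlinks() (
    # Resolve both roots to physical paths so comparisons are not fooled
    # by a symlinked parent directory.
    web_root=$(cd -- "$1" >/dev/null && pwd -P) || exit 2
    allowed=$(cd -- "$2" >/dev/null && pwd -P) || exit 2

    # Scan the web root and the allowed tree itself: a link planted inside
    # the storage directory is served through public/storage just the same.
    report=$(find "$web_root" "$allowed" -type l -exec sh -c '
        allowed=$1; shift
        for link do
            # test -e follows the link, so it fails on a dangling target
            if [ ! -e "$link" ]; then
                printf "BROKEN  %s\n" "$link"
                continue
            fi
            # readlink -f resolves every hop of a chained link
            target=$(readlink -f -- "$link")
            case $target in
                # exact root or a path below it; "/" in the pattern keeps
                # a sibling such as ".../public-evil" from matching
                "$allowed"|"$allowed"/*) ;;
                *) printf "ESCAPES %s -> %s\n" "$link" "$target" ;;
            esac
        done' sh "$allowed" {} +)

    [ -z "$report" ] && exit 0
    printf '%s\n' "$report"
    exit 1
)
```

Run it from cron or a deploy hook as the account that owns the application; any `ESCAPES` line means a served path resolves outside the storage tree and should be investigated.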
