https://stackoverflow.com/questions/46407009/how-to-hide-env-passwords-in-laravel-whoops-output
https://laracasts.com/discuss/channels/laravel/laravel-has-a-security-hole
When deploying, APP_DEBUG must be set to false in the .env file.
If it is set to true, Laravel's developer-friendly exception page will reveal all .env variables, which probably include your database username and password or your mail server username and password.
Once APP_DEBUG is set to false in the .env file, run:
# remove cache
php artisan cache:clear
# clear the cached config so it is reloaded
php artisan config:clear
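A pre-deploy check for the APP_DEBUG rule above, as an added example that is not part of the original post. The function name check_app_debug, its exit codes and the list of values treated as "off" are assumptions of this sketch, which treats anything not explicitly off as on.

```shell
#!/bin/sh
# Added example (not from the original page): pre-deploy gate for APP_DEBUG.
# check_app_debug FILE returns 0 = debug off, 1 = debug on, 2 = unreadable or unset.
# Assumption: any value other than an explicit "off" value counts as on, and
# one enabling line anywhere in the file is enough to fail.

check_app_debug() {
    env_file=$1
    [ -r "$env_file" ] || return 2
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Normalise: drop CR, leading blanks, "export ", blanks around "=".
        line=$(printf '%s' "$line" | tr -d '\r' | sed \
            -e 's/^[[:space:]]*//' \
            -e 's/^export[[:space:]]\{1,\}//' \
            -e 's/^APP_DEBUG[[:space:]]*=[[:space:]]*/APP_DEBUG=/')
        case $line in
            APP_DEBUG=*) ;;
            *) continue ;;      # other keys and "#" comment lines
        esac
        found=1
        # Strip inline comment, trailing blanks, surrounding quotes; lower-case.
        value=$(printf '%s' "${line#APP_DEBUG=}" | sed \
            -e 's/[[:space:]]#.*$//' \
            -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/" | tr '[:upper:]' '[:lower:]')
        case $value in
            false|'(false)'|0|''|null|'(null)'|empty|'(empty)') ;;
            *) return 1 ;;
        esac
    done < "$env_file"
    [ "$found" -eq 1 ] || return 2
    return 0
}

# Constructed sample .env, for demonstration only.
sample=$(mktemp)
printf 'APP_ENV=production\nAPP_DEBUG="True"  # left on by mistake\n' > "$sample"
if check_app_debug "$sample"; then
    echo "APP_DEBUG is off"
else
    echo "refusing to deploy: APP_DEBUG check returned $?"
fi
rm -f "$sample"
```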
Never set the database username and password in the .env file; set them in the
/config/database.php file instead.
Also, change the default landing page, resources/views/welcome.blade.php, to an empty page so hackers don't know the site is Laravel.