Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Root826026ySecurity by convention > security by configuration.
or, to rephrase: Insecure by default is FUCKING STUPID. -
Teosz14106yI think it's not the framework's fault. Almost the first thing what the docs says is that .env files shouldn't be reside in a publicly accessible folder. If someone didn't see that, at least must have enough brainpower to realise if I put the .env file in the public folder it will be available PUBLICLY.
-
@Teosz it really should be done by default, if there's no reason for it to be in a public folder (please tell me I'm wrong about that), and it's recommended to take it out of a public folder, why is it by default on a public folder?
-
dcode4286y@chabad360
It is not. What we are seeing here i think is a bunch of misconfigured webservers using the root folder instead of the public folder as document root.
By default it doesn't even has a .env file just a .env.example in the root folder.
It is showing interesting results as hell through!
Related Rants
I'll just leave this here:
https://google.com/search/...
rant
lol
security
fail
laravel
2018