Laravel .env Exposed

Mohit Mehta
2 min read · Dec 16, 2020

When it comes to hosting a Laravel project on shared hosting, many developers run into difficulty. So they apply random solutions from different websites to get their project working, without knowing the consequences. Let me give one example.

One of the easiest ways to host Laravel is to move all the files from the public folder to the root and make some changes in index.php.

Once you go with the above solution, you are opening the door to hackers and attackers. Laravel's base directory holds many important files such as .env and .htaccess, and your web server is now pointing at that base directory, so all of these files can be accessed directly by URL. For example, the .env file can be accessed via www.example.com/.env, and the result is:

[Screenshot: .env exposed]

In conclusion, never host Laravel like this. If you are on shared hosting and have little knowledge of server administration, ask your hosting provider to change the documentRoot to Laravel's public folder.
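A local check for the layout described above, as an added example that is not part of the original post: it inspects the directory your web server serves and reports whether Laravel base-directory files sit inside it. The function names, the list of sensitive entries and the sample project it builds are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Files and directories that belong to a Laravel base directory and must never
# sit inside the web server's document root (list chosen for this example).
SENSITIVE = [".env", "artisan", "composer.json", "composer.lock",
             "storage", "vendor", "config", "bootstrap", "database"]

def audit_docroot(docroot):
    """Return (verdict, exposed) for the directory the web server serves."""
    docroot = Path(docroot)
    exposed = sorted(n for n in SENSITIVE if (docroot / n).exists())
    if exposed:
        # Base-directory files are inside the served tree: reachable by URL.
        return "base-directory-served", exposed
    # Healthy layout: docroot holds index.php and the base dir is its parent.
    if (docroot / "index.php").is_file() and (docroot.parent / "artisan").is_file():
        return "public-served", []
    return "not-laravel", []

def build_sample(root, flattened):
    """Constructed sample project; flattened=True mimics the risky setup."""
    root = Path(root)
    for d in ("public", "storage", "vendor"):
        (root / d).mkdir(parents=True)
    (root / ".env").write_text("APP_KEY=constructed-placeholder\n")
    (root / "artisan").write_text("#!/usr/bin/env php\n")
    (root / "composer.json").write_text("{}\n")
    target = root if flattened else root / "public"
    (target / "index.php").write_text("<?php // front controller\n")
    return target  # the directory the web server would be pointed at

def demo():
    """Audit both layouts of the constructed sample and return the results."""
    results = {}
    for name, flattened in (("flattened", True), ("correct", False)):
        with tempfile.TemporaryDirectory() as tmp:
            results[name] = audit_docroot(build_sample(tmp, flattened))
    return results

if __name__ == "__main__":
    for name, (verdict, exposed) in demo().items():
        print(f"{name}: {verdict} {exposed}")
```

Run `audit_docroot()` against the path your hosting panel lists as the document root; any verdict other than `public-served` on a Laravel site means the documentRoot should be changed.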
