Do you know that google crawled your website and index everything available including your .env file?. Environment file in Laravel located in root project which stores all important information and credentials like database password, email configurations and other env variables. Without proper permission, your system will be compromise badly…
But, do you know that your .env file can be rename? In term of security, you might be thinking of it right? And you might want to hide the .env file to some where hidden in your project directory.
Lately, my web application firewall been detecting several request requesting like this “https://website.com/.env” so many times. But, Im not worrying much because i have proper permission and WAF (confident level 9999 😂).
Let’s get started
If you open the app.php inside bootstrap folder, you will find this at the first line
$app = new \App\Extensions\Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);Open the Application.class and go down a little bit, you will see this variables
/**
* The custom environment path defined by the developer.
*
* @var string
*/
protected $environmentPath;
/**
* The environment file to load during bootstrapping…
