mossy pewter
stack overflow suggests this solution https://stackoverflow.com/questions/38331397/how-to-protect-env-file-in-laravel
but as I discovered when you copy htaccess to root of your project this is high security risk for example I am able to access storage/logs/laravel.log file via browser
paper fog
Which is exactly why the webserver's DOCUMENT_ROOT must be set to the public folder.
If you're using shared hosting where you can't configure the webserver, you can use this solution: https://gist.github.com/bladeSk/3666d04964e4de9c263776ba51f33a18
mossy pewter
No I'm just learning laravel following course on udemy and this is approach that they use in the course which seems to be not good of an option
Just want to learn correct way of doing it
lusty coral
I hardly think a course teaches to set up a web server not pointing to the public folder as web root
void grove
Alternative option to .env file would be to specify your environmental variables in the OS (example for Ubuntu: https://tecadmin.net/setting-up-environment-variables-on-ubuntu/) - might not be applicable to your problem, but still something you can consider using, if your hosting provider allows you to do that
mossy pewter
so do speak there is no safe local setup then? everyone using that htaccess copy in root dir?
I have managet to setup Larvel/Sail for my local learning
lusty coral
What do you mean local setup? Exposing .env is only an issue in production
In local dev, you can use any setup you like
mossy pewter
yeah I understand I can use anything for dev but I want to make sure I learn everything in the correct way of doing things not poisoning the well...
from what it looks you cant have htaccess in your root dir because it is a security issue
I was wondering is there a away for me to setup my learning project without security risks if I can access laravel logs from browers by simply pointing to it, its not good