41
Comments
  • 2
  • 2
    Nice 😯
    All the laravel devs around here better get busy
  • 1
    Whoops!
  • 1
    Not the first time I see this, and god damn so much local env o.O
  • 3
    Security by convention > security by configuration.

    or, to rephrase: Insecure by default is FUCKING STUPID.
  • 0
    One word: shit
  • 3
    I think it's not the framework's fault. Almost the first thing what the docs says is that .env files shouldn't be reside in a publicly accessible folder. If someone didn't see that, at least must have enough brainpower to realise if I put the .env file in the public folder it will be available PUBLICLY.
  • 0
    @xewl maybe try yer luck with trying to connect through the domain/IP 😉😏
  • 0
    @Teosz it really should be done by default, if there's no reason for it to be in a public folder (please tell me I'm wrong about that), and it's recommended to take it out of a public folder, why is it by default on a public folder?
  • 2
    @chabad360
    It is not. What we are seeing here i think is a bunch of misconfigured webservers using the root folder instead of the public folder as document root.
    By default it doesn't even has a .env file just a .env.example in the root folder.

    It is showing interesting results as hell through!
Add Comment