Back-end Security Enhancement

Hi Friends, Are you Back-end Developer??

Just Look at It.

It’s a serious note for you. I can show you live hacking of websites/admin panels.

** Disclaimer : – Information Shared here is completely confidential do not misuse it otherwise whatever action will be taken by the authority you are yourself responsible for that.

Here we Go:

1) Go to Google
2) Search for DB_USERNAME filetype:env

Now you will get a list of .env files of the appropriate site which is public, you can completely read this file which causes leakage of your database confidential info, mail confidential info other all confidential info relates to your project.

How to prevent this??
What is Solution??

Here we Go:

Protect it using your .htaccess file

For Apache

<FilesMatch "^\.env">
    Order allow,deny
    Deny from all

For nginx

location ~ /\.(?!well-known).* {
       deny all;

you can check using : $PROJECTURL/$PATH_FOR_ENV

Also, You can check apps for developer. – Helping Hands

About the author


You can download our apps and books for free..
Search - Incognito Inventions

View all posts


Leave a Reply

Your email address will not be published. Required fields are marked *