DEV Community

Basim Ghouri
Basim Ghouri

Posted on

Security in Laravel: How to Protect Your App Part 4

Exposed Files

By default, Laravel only exposes the public directory. This is intended to avoid security breaches. Considering that any file that will be exposed can be accessed by anyone, you should avoid adding their sensitive data.

If you want to expose files to download, the best way to do this is by keeping the files on the storage directory and just adding a symbolic link on a public directory. Laravel provides a command to make it easier:

php artisan storage:link
Enter fullscreen mode Exit fullscreen mode

Now, any file that your app stores in the storage directory will be available. Avoid adding manual permissions to any other directory as this could lead to a potential breach.

Top comments (1)

basimghouri profile image
Basim Ghouri

Follow And like for more laravel security parts