Is your Laravel app safe?
No, if you forgot to adjust the .htaccess file to stop displaying the .env file in a browser.
Just check the .htaccess file if you are blocking access to directory indexing and the .env file as well.
visit you www.example.com/path/to/laravel/.env in browser
if you can access it :D , no need to worry.
Just add this code in your .htaccess file
# Disable index view Options -Indexes # Hide a specific file <Files .env> Order allow,deny Deny from all </Files>
just update it as soon as you can.
This will do what comments are suggesting inside code.
Sorry for my bad English.