Reputation: 1
How to protect .env file
I've hosted a node js app on cpanel as example.com but the problem is in my node directory having .env file and if I try to visit example.com/.env this file get downloaded. So how to secure .env file?
I tried to add htaccess
<Files "env">
Order allow,deny
Deny from all
</Files>
Even I've changed file permission to 0600. But it doesn't work.
Upvotes: -1
Views: 501
Answers (1)
Reputation: 186
Basicly there are 4 options:
Add this code in .htaccess:
<FilesMatch ".env"> Order allow,deny Deny from all
Move the file outside the public directory: Move the
.envfile outside of the public directory (e.g.,public_html) to prevent it from being accessible via the web server.Use a process manager: Use a process manager like
PM2to manage your Node.js application. PM2 can automatically handle environment variables and keep them separate from your codebase.Use environment variables in your code: Instead of hard-coding sensitive information in your code, use environment variables. This way, you can easily manage and secure sensitive data without modifying your code.
Upvotes: 1
Related Questions
- How to stop caching pages that consume local json file in next js static generation?
- Change change mode of all files and folders in CPanel at once?
- Express.js App Deployment: Invalid command 'PassengerAppRoot', perhaps misspelled or defined by a module not included in the server configuration
- Laravel does not read .env file in panel
- Need to mimic cPanel's user access/directory password