1

I'm using Symfony 4, and I would like to know if is possible to avoid that Symfony Cache component cache my .env files in prod The main reason is that I'm trying to don't expose information saved there.

I'm thinking right now to prevent it by adding +rwx permission only to Apache's user and only +x for group and others users.

I'll appreciate any ideas. Thank you.

yycub
  • 11
  • 1
  • I think this is not good apporach. ENV vars, can be exposed in many ways to user with access to server. Why are you not denying access to project folder for all users except Apache? – Pavol Velky Aug 06 '20 at 17:49
  • Yes. That's the correct approach. I can use Symfony Secrets system. Thanks @PavolVelky – yycub Aug 10 '20 at 18:45

0 Answers0