PHPFixing

Monday, August 22, 2022

[FIXED] How to hide .env passwords in Lumen when you leave debug as false?

environment-variables, exception, laravel, lumen, passwords

Issue

How can I hide my passwords and other sensitive environment variables on-screen in Lumen (Not Laravel)?

Sometimes we either forget or test something in development and make debug=false in the .env file. We maybe don't want other people to see such information even in the development phase.

Also for some people who don't know this, if an exception is thrown while opening a page or making a request, everything that is in the .env file is shown in the browser, including db passwords etc - "and this is how you debug"!

I have found a solution for Laravel but I need it for Lumen also!

Solution for Laravel: How to hide .env passwords in Laravel whoops output?

It would be best if we had this as a default setting offered by the Laravel team, but after some discussions on Laracasts I'm not quite optimistic!

I HOPE DEVELOPERS KNOW THIS ISSUE AND BE VERY VERY CAREFUL BECAUSE FORGETTING IT OR EVEN TESTING IT IN DEVELOPMENT HAS A HUGE HUGE RISK OF BEING HACKED!

Thank You!


Solution

You can hide the sensitive information by adding the following code to config/app.php:

'debug_blacklist' => [
    '_ENV' => [
        'APP_KEY',
        'DB_PASSWORD',
    ],
    '_SERVER' => [
        'APP_KEY',
        'DB_PASSWORD',
    ],
    '_POST' => [
        'password',
    ],
],


Answered By - SREE ANI
Answer Checked By - Katrina (PHPFixing Volunteer)
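
A check that the map in the answer covers every secret-looking variable in a project's .env, as an added example that is not part of the original answer. The function names, the sample .env text and the name-matching pattern are assumptions made here.

```php
<?php
// Added example; every value below is constructed, not a real credential.

/** Variable names defined in .env-style text (comments and blanks skipped). */
function envKeys(string $envText): array
{
    $keys = [];
    foreach (preg_split('/\R/', $envText) as $line) {
        if (preg_match('/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/', $line, $m)) {
            $keys[] = $m[1];
        }
    }
    return array_values(array_unique($keys));
}

/** Secret-looking names that the map leaves visible, per superglobal. */
function uncoveredSecrets(array $keys, array $blacklist, string $pattern): array
{
    $gaps = [];
    foreach (['_ENV', '_SERVER'] as $global) {
        $hidden = $blacklist[$global] ?? [];
        foreach ($keys as $key) {
            if (preg_match($pattern, $key) && !in_array($key, $hidden, true)) {
                $gaps[$global][] = $key;
            }
        }
    }
    return $gaps;
}

$envText = <<<'DOTENV'
APP_DEBUG=true
APP_KEY=constructed-example
DB_PASSWORD=constructed-example
# OLD_PASSWORD=commented-out
MAIL_PASSWORD=constructed-example
AWS_SECRET_ACCESS_KEY=constructed-example
DOTENV;

// The map from the answer above.
$blacklist = [
    '_ENV'    => ['APP_KEY', 'DB_PASSWORD'],
    '_SERVER' => ['APP_KEY', 'DB_PASSWORD'],
    '_POST'   => ['password'],
];
// Assumed heuristic for "sensitive" names; adjust per project.
$pattern = '/PASSWORD|SECRET|TOKEN|KEY/i';

print_r(uncoveredSecrets(envKeys($envText), $blacklist, $pattern));
```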