I'm new in Laravel 5.
I found this Laravel 5 - Remove public from URL on Stack Overflow to remove public folder from my Laravel 5 App. Only I have a question about the security.
When I am removing public from URL, then I have to change the basic folder structure of Laravel 5. Yes, it's working fine without the public from the URL.
But what's about the security of Laravel, because I am changing the default folder structure? Is it secure to use?
You should be pointing your Apache host root to the $LARAVEL_PATH/public directory instead of $LARAVEL_PATH.
The point of having sub directory for www host root instead of project root is that you're not leaking any of your project files through your web server.
Even though all the PHP files have the file suffix .php, malicious user can access your $LARAVEL_PATH/storagedirectory and its subdirectory contents, read your composer.json or package.json to find vulnerable dependencies or read .env file etc.
If you're running on shared hosting and you have mandatory public_html, try installing Laravel outside of that public_html directory and either removing public_html (if empty) and replace it with symlink to $LARAVEL_PATH/public OR if you want the Laravel instance to be subdirectory ofpublic_html, do the same but create symlink from$LARAVEL_PATH/publictopublic_html/$PROJECT_SUBDIR`.
That public directory is there for reason to make project a bit more secure. Solve the actual problem and don't try to break this simple but nice security addition. :)
you this link you provided is not about changing the actual file structure of the framework, this example uses mod_rewrite to rewrite the url of your application. In other words you are telling your server that you would like to point to that directory without the full path is visible to the end user.
Also take a look on the below answers of the link you've provided.
Rename the server.php in the your Laravel root folder to index.php and copy the .htaccess file from /public directory to your Laravel root folder. -- Thats it !! :)
来源:https://stackoverflow.com/questions/31422357/affect-on-security-of-laravel-5-when-change-folder-structure-to-remove-public-fo