Oh Dear is the all-in-one monitoring tool for your entire website. We monitor uptime, SSL certificates, broken links, scheduled tasks and more. You'll get a notifications for us when something's wrong. All that paired with a developer friendly API and kick-ass documentation. O, and you'll also be able to create a public status page under a minute. Start monitoring using our free trial now.

Making sure Laravel's debug mode is always disabled in production

Original – ohdear.app

Recently, people started talking about a malware called “Androxgh0st” specifically targeting Laravel apps. In a recent edition of Securing Laravel, Stephen Rees-Carter wrote a good explanation of how it works.

The malware targets apps with APP_DEBUG set to true. When enabled, Laravel will give detailed error messages, and some security features will be disabled. In production, you always want this value to be set to false.

You can make sure it's always set to' false' using Oh Dear’s application monitoring feature. We can notify you whenever someone should set it to true. Let’s go through the steps required to set this up.

Read more [ohdear.app]

Stay up to date with all things Laravel, PHP, and JavaScript.

You can follow me on these platforms:

On all these platforms, regularly share programming tips, and what I myself have learned in ongoing projects.

Every month I send out a newsletter containing lots of interesting stuff for the modern PHP developer.

Expect quick tips & tricks, interesting tutorials, opinions and packages. Because I work with Laravel every day there is an emphasis on that framework.

Rest assured that I will only use your email address to send you the newsletter and will not use it for any other purposes.

Comments

What are your thoughts on "Making sure Laravel's debug mode is always disabled in production"?

Comments powered by Laravel Comments
Want to join the conversation? Log in or create an account to post a comment.