Introduction to Laravel
Laravel is a popular open-source PHP framework used to develop web applications. According to BuiltWith, more than 135,000 live websites currently using it.
It has a debug mode with an interface that allows developers to identify errors and misconfiguration on the site’s network.
This debug mode is intended to be used before the site goes live, but many developers failed to disable it.
If by any chance, the developer forgets to disable the Debug mode after making the website live over the network, then it will make the website to expose sensitive data and website credentials like database credentials, admin credentials etc
This exposure could allow attackers to potentially hack email servers, explore source code structure, find weak points, re-use passwords on other systems, and many more.
Fix: Disable the Debug Mode before going live
To enable or disable debug mode on Laravel, all you have to do is open the app.php which is inside the app/config folder, change the value ‘true’ or ‘false’ and then save the file.
<?php return array(
| Application Debug Mode
| When your application is in debug mode, detailed error messages with
| stack traces will be shown on every error that occurs within your
| application. If disabled, a simple generic error page is shown.
‘debug’ => true,
If the ‘debug’ => true, that means the debugging mode is enabled, but if ‘debug’ => false, then the debug mode is disabled.
The debug interface is accessible from a web browser. It often contains sensitive data in plain-text and API credentials like share passwords and database locations, the information that hackers can use to steal data or develop further attacks on the server.
Refer Links :