To save sensitive data from the application, is it recommended to save in dotEnv or can I save it in any other format since the file is not in the public directory?
I see many talking about dotEnv, I wanted to know why they say it's so secure, and it's pretty much identical to .ini. What are the differences?
Friend, dotEnv is more a standardization of ease. Before it was XML, it's Json, more or less. An .ini or config.php in security issue is the same thing, you can give require above public_html and no one on the web will see the file. The dotEnv issue is your ease, load it from somewhere hidden and then just use $ _ENV ['db_password'] when you need it, no flashing code or gambiarra.
