Laravel Security

laravel , laravel framework , laravel documentation , laravel tutorial , laravel install , laracasts

What is Laravel Security?

• The extent to which a computer system is protected from data corruption, destruction, interception, loss, or unauthorized access.

Laravel Security:

• Security is important feature while designing web applications.
• It assures the users of the website that their data is secured.
• Laravel provides various mechanisms to secure website. Some of the features are listed below −
• Storing Passwords − Laravel provides a class called “Hash” class which provides secure Bcrypt hashing. The password can be hashed in the following way.

$password = Hash::make('secret');

• make() function will take a value as argument and will return the hashed value. The hashed value can be checked using the check()function in the following way.

Hash::check('secret', $hashedPassword)

• The above function will return Boolean value. It will return true if password matched or false otherwise.

• Authenticating Users − The other main security features in Laravel is authenticating user and perform some action. Laravel has made this task easier and to do this we can use Auth::attempt method in the following way.

if (Auth::attempt(array('email' => $email, 'password' => $password))) {
   return Redirect::intended('home');
}

• The Auth::attempt method will take credentials as argument and will verify those credentials against the credentials stored in database and will return true if it is matched or false otherwise.

laravel , laravel framework , laravel documentation , laravel tutorial , laravel install , laracasts

CSRF Protection/Cross-site request forgery (XSS):

• Cross-site scripting (XSS) attacks happen when attackers are able to place client-side JavaScript code in a page viewed by other users.
• To avoid this kind of attack, you should never trust any user-submitted data or escape any dangerous characters.
• You should favor the double-brace syntax ({{ $value }}) in your Blade templates, and only use the {!! $value !!} syntax, where you're certain the data is safe to display in its raw format.

Avoiding SQL injection:

• SQL injection vulnerability exists when an application inserts arbitrary and unfiltered user input in an SQL query.
• By default, Laravel will protect you against this type of attack since both the query builder and Eloquent use PHP Data Objects (PDO) class behind the scenes.
• PDO uses prepared statements, which allows you to safely pass any parameters without having to escape and sanitize them.

Cookies - Secure by default

• Laravel makes it very easy to create, read, and expire cookies with its Cookie class.
• In Laravel all cookies are automatically signed and encrypted.
• This means that if they are tampered with, Laravel will automatically discard them.
• This also means that you will not be able to read them from the client side using JavaScript.

laravel , laravel framework , laravel documentation , laravel tutorial , laravel install , laracasts

Forcing HTTPS when exchanging sensitive data

• HTTPS prevents attackers on the same network to intercept private information such as session variables, and log in as the victim.

This tutorial is used to learn laravel and also provides guidance on laravel book , laravel books , laravel hosting , laravel programming , laravel server php , laravel server , laravel development server , start laravel server , laravel getting started , laravel programmer , php with laravel for beginners , what is laravel framework in php , up and running with laravel , php framework laravel , getting started with laravel , what is laravel framework , laravel applications , what is laravel in php , laravel hosting , laravel framework , php laravel framework , latest framework in php