 

About Laravel 5.1 Security

I'm a newbie at developing projects in Laravel 5.1.

I want to learn how I can avoid security risks. What kinds of attacks does Laravel protect against? And against what kinds of attacks is Laravel not secure?

Using middleware is a good way to handle authorization.

And I know Laravel is secured against CSRF attacks.

Is there anything else I should know? What about SQL injection? Is Laravel secure or not?

Cihan Küsmez asked Oct 25 '15 12:10



1 Answer

The short answer

Laravel 5.1 is well secured with regard to SQL injection, CSRF and XSS by default.

More details

In my opinion, what you should be aware of:

1- It is not Laravel alone that is responsible for your web application's security, but also the environment surrounding it.
    - The web server should be configured correctly and securely.
    - It is an advantage to use SSL (a certificate) on your domain.
    - Only use SFTP over SSH for file transfer, and only use SSH for console connections.
    - Use a trusted provider and a physically secured server environment.
    - Back up your files and your database regularly, and move the data outside your provider's server location.
    - Use different usernames and passwords for the SSH console, the database and other services.
    - For SSH access and database access, do not use the admin or root username routinely; keep it only for emergency use, and instead create a sub-admin/root account and use that.

2- Above all of that, when you develop further on your Laravel project, you risk writing bad code that breaks Laravel's default security rules.

Conclusion

Therefore, it is suggested not to count on the default security. You need to do your own penetration test when your project is done to ensure everything is working and secured as planned. If you also follow some simple security rules, you will be perfectly on the safe side.

I suggest you look at this link regarding CSRF, and at the link in @ImtiazPabel's comment.

Finally, these links are good to check:

  • https://www.owasp.org/index.php/Top_10_2013-Top_10
  • https://www.owasp.org/index.php/OWASP_Proactive_Controls
  • https://www.owasp.org/images/9/9b/OWASP_Top_10_Proactive_Controls_V2.pdf

EDIT
OP asked in comments:

Can we say Request::get($data) is totally safe?

Request::get($data) is secured and safe as well.

Note
Three other guys and I made a primitive project to measure the security level of Laravel 5.1 a few months back, and it passed successfully without any remarkable comments.

Maytham answered Oct 21 '22 00:10

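Point 2 of the answer (application code that breaks Laravel's default protection) and the follow-up about `Request::get()` are easiest to see side by side. The following is an added example, not code from the original post or from the Laravel project. It assumes a Laravel 5.1 application with a `users` table and an `App\User` Eloquent model; the controller name, column names and view name are invented for illustration.

```php
<?php
// Added example (not from the original post). Assumes a Laravel 5.1 app with a
// `users` table and an App\User model; names below are illustrative only.

namespace App\Http\Controllers;

use DB;
use Illuminate\Http\Request;
use App\User;

class UserLookupController extends Controller
{
    // VULNERABLE: the request value is pasted into the SQL text, so the query
    // builder never gets a chance to bind it. The value is parsed as SQL, which
    // is exactly the "bad programming" the answer warns about; Request::get()
    // returning the string is not the problem, interpolating it is.
    public function findUnsafe(Request $request)
    {
        $email = $request->input('email');            // same value as Request::get('email')
        $rows = DB::select("SELECT id, name FROM users WHERE email = '$email'");
        return view('users.show', ['rows' => $rows]);
    }

    // SAFE: the query builder sends the value as a bound parameter, so the
    // database treats it as data, never as SQL. This is the default protection
    // the answer refers to.
    public function findSafe(Request $request)
    {
        $email = $request->input('email');
        $rows = DB::table('users')->where('email', $email)->get();

        // Raw SQL is equally safe as long as the value travels as a binding:
        $same = DB::select('SELECT id, name FROM users WHERE email = ?', [$email]);

        return view('users.show', ['rows' => $rows]);
    }

    // MASS ASSIGNMENT: Eloquent guards every attribute by default, so the first
    // call throws a MassAssignmentException unless the model declares $fillable.
    // Even with $fillable set, passing only the fields you intend to accept keeps
    // a request from setting columns such as `is_admin`.
    public function store(Request $request)
    {
        // Risky pattern once $fillable is opened up too widely:
        // $user = User::create($request->all());

        // Explicit allow-list of request fields:
        $user = User::create($request->only(['name', 'email']));
        return redirect('/users/' . $user->id);
    }
}

/*
 * XSS in Blade (resources/views/users/show.blade.php), shown here as a comment:
 *
 *   {{ $row->name }}      escapes HTML, the default that protects against XSS
 *   {!! $row->name !!}    prints the value raw; only use it for markup you
 *                         generated yourself, never for request-supplied text
 *
 * Outside Blade, the e() helper gives the same escaping: echo e($row->name);
 */
```

The three "unsafe" patterns (string interpolation into SQL, `create($request->all())` on a widely fillable model, and `{!! !!}` on user text) are each a single line that silently switches the framework's default protection off, which is why the answer recommends testing the finished project rather than relying on the defaults alone.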