I am developing more & more Laravel based websites of late. I have been doing the below steps to make sure that my application is secure.
- Installed 'laravel-security' package which is a Symfony Security Core in Laravel
- Installed 'authority-controller' which is a PHP authorization library for Laravel to restrict what resources a given user is allowed to access.
- Used 'Laravel-ACL' which provides role-based permissions for the Laravel 5 built-in Auth system
- Always used Eloquent queries instead of DB::raw() queries to avoid SQL injection
- Always sanitised user input to avoid XSS
- Always add CSRF token in forms
- Used to define an 'https' filter to redirect the visitor to the secure route, if an SSL certificate is installed on the web server
- Always defined $fillable & $guarded properties in the model to take care of mass assignment
- Escaping content - Always used double-brace syntax () in Blade templates. And used {!! $value !!} syntax, only when I was certain the data is safe to display in its raw format.
- Always used the Hash class to store passwords
- Always used the Auth::attempt method for authenticating users.
Do I need to do any more steps to make sure my Laravel application is safe?
Thank you for your help in advance.
via manian
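As an added illustration (not the poster's code, and not from any of the packages named above), here is one file that puts several of the listed practices together in Laravel 5 style: a model with a `$fillable` whitelist and a hidden password column, a controller that validates input, hashes with `Hash::make`, authenticates with `Auth::attempt` and regenerates the session, a query that binds its parameter instead of concatenating SQL, and a middleware that redirects plain HTTP to HTTPS (Laravel 5 uses middleware where 4.x used filters). Assumptions: Laravel 5.5 or later (for `$request->validate()`), a `users` table with `name`, `email`, `password` and `is_admin` columns, and the class, route and path names shown, which are illustrative. Bracketed namespaces are used only so the example is a single valid PHP file; in a real project each class lives in its own file.

```php
<?php
// Added example, not the original poster's code. Class and route names are assumed.

namespace App {
    use Illuminate\Foundation\Auth\User as Authenticatable;

    class User extends Authenticatable
    {
        // Mass-assignment whitelist: create()/fill() only accept these keys.
        // `is_admin` is deliberately absent, so an extra form field cannot set it.
        protected $fillable = ['name', 'email', 'password'];

        // Never expose the password hash in toArray()/toJson() output.
        protected $hidden = ['password'];
    }
}

namespace App\Http\Middleware {
    use Closure;

    // Replaces the 4.x-style 'https' filter: redirect plain HTTP to HTTPS.
    class ForceHttps
    {
        public function handle($request, Closure $next)
        {
            // Only enforce in production so local development without TLS still works.
            if (! $request->secure() && app()->environment('production')) {
                return redirect()->secure($request->getRequestUri());
            }
            return $next($request);
        }
    }
}

namespace App\Http\Controllers {
    use App\User;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use Illuminate\Support\Facades\Hash;

    class AccountController extends Controller
    {
        public function register(Request $request)
        {
            // Validate before touching the model: rejects wrong types, lengths, duplicates.
            $data = $request->validate([
                'name'     => 'required|string|max:100',
                'email'    => 'required|email|max:255|unique:users,email',
                'password' => 'required|string|min:8|confirmed',
            ]);

            // Hash::make uses bcrypt by default; the plain password is never stored.
            $data['password'] = Hash::make($data['password']);

            // Only $fillable keys are written, even if the request carried extras.
            User::create($data);

            return redirect()->route('login');
        }

        public function login(Request $request)
        {
            $credentials = $request->validate([
                'email'    => 'required|email',
                'password' => 'required|string',
            ]);

            // Auth::attempt verifies the stored hash and logs the user in on success.
            if (Auth::attempt($credentials)) {
                // Rotate the session ID so a pre-login session ID cannot be reused.
                $request->session()->regenerate();
                return redirect()->intended('/dashboard');
            }

            return back()->withErrors(['email' => 'Invalid credentials.']);
        }

        // Query builder binds $email as a parameter; it is never interpolated into SQL.
        public function byEmail(string $email)
        {
            return User::where('email', $email)->first();
        }
    }
}
```

On the template side the matching Blade form carries `{{ csrf_field() }}` (or `@csrf` on 5.6+) and displays user-supplied values with the escaping `{{ $value }}` syntax, reserving `{!! $value !!}` for markup the application itself generated. The `ForceHttps` middleware is registered in the kernel's middleware list like any other middleware.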