发表新帖
发表新帖

About Laravel 5.1 Security

前端 未结
关注
1 1641
后悔当初
后悔当初 2021-01-06 01:50

I\'m newbie on developing projects in Laravel 5.1

I want to learn the how can I avoid security risks. What kind of attacks are secured by Laravel? And what kind of a

相关标签:
1条回答
  • 悲&欢浪女
    2021-01-06 02:07

    The short answer

    Laravel 5.1 is well secured what regards to SQL injection, CSRF and XSS per default.

    More details

    In my opinion, what you should be aware of:

    1- It is not only Laravel alone that is responsible for your web application security, but the environment surrounding it.
        - Web server should be configured correctly and secure.
        - It is an advantage to SSL (Certificate) among your domain.
        - Do only use SFTP over SSH for file transfer and do only use SSH for console connection.
        - Use trusted provider and physically secured Server environment.
        - Backup your files and your database regularly and move the data out side your provider server location.
        - Make different username and password for SSH console, database or other services.
        - For SSH access and Database access, do not use admin or root username often, keep it only for emergency use, in stead create a sub admin/root account and use that in stead.

    2- Above all of that, when you further develop on your Laravel, you might risk performing bad programming which breaks the default security rules of Laravel.

    Conclusion

    Therefore, it is suggested not counting on default security. You need to do your own penetration test when your project is done to ensure every thing is working and secured as planned. And follow some of the simple security rules then you would perfectly be on the safe side.

    I suggest you to look at this link regarding CSRF and as @ImtiazPabel comments link.

    Finally this link is good to check:

    • https://www.owasp.org/index.php/Top_10_2013-Top_10
    • https://www.owasp.org/index.php/OWASP_Proactive_Controls
    • https://www.owasp.org/images/9/9b/OWASP_Top_10_Proactive_Controls_V2.pdf

    EDIT
    OP asked in comments:

    Can we say Request::get($data) is totaly safe?

    Request::get($data) is secured and safe as well.

    Note
    I and 3 other guys made a primitive project to measure the security level of Laravel 5.1 a few months back and it passed successfully with out any remarkable comments.

    0 讨论(0)
 看不清?
提交回复
热议问题