laravel - securityfeatures

The document outlines security features in Laravel, including data encryption, protection against cross-site scripting and SQL injection, secure cookie management, and session handling. It provides code examples for implementing these features, such as using Hash for password verification and CSRF tokens for form submissions. Additionally, it briefly covers creating an AJAX application in Laravel with routing and controller setup for message replacement.

Uploaded by

toyan40946
Laravel – Security Features

Contents
1. Encryption of data
2. Cross site scripting
3. SQL injection
4. Cookies
5. Sessions
1. Encryption
Store passwords in hashed (one-way) form rather than as plain text:

$hashedpassword = Hash::make('secret');

The password is verified with the following function:

Hash::check('secret', $hashedpassword);

It returns a boolean. Auth::attempt performs the same check internally when logging a user in:

if (Auth::attempt(array('email' => $email, 'password' => $password))) {
    return Redirect::intended('home');
}
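What Hash::make and Hash::check do underneath, as an added example that is not part of the deck: Laravel's Hash facade uses bcrypt by default, so this uses PHP's native bcrypt functions and runs outside a Laravel application. The cost of 12 is an assumed work factor; Hash::needsRehash is the Laravel counterpart of the last function.

```php
<?php
// Added example (not from the deck): bcrypt hashing as done by Laravel's
// Hash facade, using PHP's native functions so it runs stand-alone.
declare(strict_types=1);

const BCRYPT_COST = 12; // assumed work factor

function makeHash(string $plain): string
{
    // A fresh random salt is generated on every call, so two users with
    // the same password still end up with different hashes.
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function checkHash(string $plain, string $hashed): bool
{
    // Re-hashes $plain with the salt and cost stored inside $hashed and
    // compares in constant time; the stored value is never decrypted.
    return password_verify($plain, $hashed);
}

function needsRehash(string $hashed): bool
{
    // True when the stored hash was produced with a cheaper cost than the
    // current setting, so it should be replaced at the next successful login.
    return password_needs_rehash($hashed, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

$stored = makeHash('secret');
echo 'stored hash:        ', $stored, PHP_EOL;
echo 'correct password:   ', var_export(checkHash('secret', $stored), true), PHP_EOL;
echo 'wrong case:         ', var_export(checkHash('Secret', $stored), true), PHP_EOL;
echo 'needs rehash:       ', var_export(needsRehash($stored), true), PHP_EOL;

// A hash created earlier with a low cost is still verifiable but flagged
// for upgrade; a login flow would call makeHash() again and store the result.
$legacy = password_hash('secret', PASSWORD_BCRYPT, ['cost' => 4]);
echo 'legacy still valid: ', var_export(checkHash('secret', $legacy), true), PHP_EOL;
echo 'legacy needs rehash:', var_export(needsRehash($legacy), true), PHP_EOL;
```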
2. Cross-site scripting and cross-site request forgery (CSRF)
Cross-site scripting attacks occur when attackers are able to place client-side JavaScript code in a page.
Never trust user-submitted data; output it with Blade's {{ $value }} syntax.
The Blade engine HTML-escapes it.
A {{ csrf_field() }} hidden field is added to a Laravel form to ensure that the data was submitted by filling in the Laravel form and not by a script from another website.
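Both protections in one Blade view, as an added example that is not part of the deck. The view name, the $name and $trustedHtml variables and the /profile route are assumptions.

```php
{{-- Added example (not from the deck): resources/views/profile.blade.php (assumed name).
     $name is a string the user submitted earlier and may contain markup;
     $trustedHtml is markup the application generated itself. --}}
<!DOCTYPE html>
<html>
<body>
    {{-- Escaped output: Blade passes the value through e(), i.e. htmlspecialchars
         with ENT_QUOTES, so a submitted "<script>" is rendered as text and not
         executed. Use this form by default. --}}
    <p>Hello, {{ $name }}</p>

    {{-- Unescaped output: only for HTML the application produced or sanitised
         itself. Raw user input must never be printed this way. --}}
    <div>{!! $trustedHtml !!}</div>

    {{-- CSRF-protected form. csrf_field() emits a hidden _token input holding the
         per-session token; the VerifyCsrfToken middleware rejects a POST whose
         token does not match with a 419 response, so a form on another site
         cannot submit on the user's behalf. Laravel 5.6 and later also accept
         the shorthand @csrf. --}}
    <form method="POST" action="/profile">
        {{ csrf_field() }}
        <input type="text" name="name" value="{{ old('name', $name) }}">
        <button type="submit">Save</button>
    </form>
</body>
</html>
```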
3. SQL injection
SQL injection means injecting a malicious query into the application, which jeopardises its safety.
Laravel protects the application from SQL injection by default: the query builder and Eloquent use prepared statements with bound parameters, so user input is passed to the database as data rather than as SQL text.
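The unsafe and safe ways of querying by a request value, as an added example that is not part of the deck. UserController, the users table and the email/domain inputs are assumptions; the last method uses MySQL's substring_index.

```php
<?php
// Added example (not from the deck): same lookup written four ways.
// Only the first is vulnerable; it is kept here to show what to look for in review.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class UserController extends Controller
{
    // Unsafe: the request value is interpolated into the SQL string, so the
    // input can change the query. Laravel offers no protection for raw strings.
    public function findUnsafe(Request $request)
    {
        $email = $request->input('email');
        return DB::select("select * from users where email = '$email'");
    }

    // Safe: the value is passed as a binding, which the driver sends
    // separately from the statement text.
    public function findWithBinding(Request $request)
    {
        return DB::select('select * from users where email = ?', [$request->input('email')]);
    }

    // Safe: the query builder binds every value it receives.
    public function findWithBuilder(Request $request)
    {
        return DB::table('users')
            ->where('email', $request->input('email'))
            ->first();
    }

    // Still needs care: the *Raw() methods accept literal SQL. Keep user input
    // in the bindings array, never inside the raw string itself.
    public function countDomain(Request $request)
    {
        return DB::table('users')
            ->whereRaw('substring_index(email, "@", -1) = ?', [$request->input('domain')])
            ->count();
    }
}
```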
4. Cookies
- Cookies are used to store server information on the client machine, such as user login or session information.
- Cookies are secure by default in Laravel: they are automatically signed and encrypted.
- Cookies therefore cannot be tampered with from JavaScript; an altered value fails signature verification.

<?php
use Illuminate\Http\Request;
use Illuminate\Http\Response;

class CookieController extends Controller {
    public function setCookie(Request $request) {
        $minutes = 1;
        $response = new Response('Hello World');
        // cookie() builds a cookie; EncryptCookies signs and encrypts it on the way out
        $response->withCookie(cookie('name', 'testname', $minutes));
        return $response;
    }
    public function getCookie(Request $request) {
        // value is decrypted and signature-checked before the controller runs
        $value = $request->cookie('name');
        echo $value;
    }
}
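The same controller with the cookie's browser-side flags set explicitly, as an added example that is not part of the deck. Signing and encryption are still done by the EncryptCookies middleware; the flags control how the browser stores and sends the cookie. The lifetime of 60 minutes and the default value 'no cookie' are assumptions.

```php
<?php
// Added example (not from the deck): issuing a cookie with explicit
// secure / httpOnly / sameSite flags via Laravel's cookie() helper.
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Http\Response;

class CookieController extends Controller
{
    public function setCookie(Request $request)
    {
        $response = new Response('Hello World');

        // cookie($name, $value, $minutes, $path, $domain, $secure, $httpOnly, $raw, $sameSite)
        $response->withCookie(cookie(
            'name',
            'testname',
            60,      // minutes until expiry (assumed)
            '/',     // path: whole site
            null,    // domain: current host only
            true,    // secure: sent over HTTPS only
            true,    // httpOnly: not readable from document.cookie
            false,   // raw: keep URL-encoding of the value
            'lax'    // sameSite: not attached to cross-site POST requests
        ));

        return $response;
    }

    public function getCookie(Request $request)
    {
        // EncryptCookies has already decrypted and signature-checked the value;
        // a cookie modified on the client arrives as null, so the default is returned.
        return $request->cookie('name', 'no cookie');
    }
}
```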
5. Sessions
Session variables are created and maintained after the user logs in. They are used to apply security checks on access to certain parts of the web application.

At log-out the session variables are destroyed.

<?php
use Illuminate\Http\Request;

class SessionController extends Controller {
    public function accessSessionData(Request $request) {
        if ($request->session()->has('my_name')) {
            echo $request->session()->get('my_name');
        } else {
            echo 'No data in the session';
        }
    }
    public function storeSessionData(Request $request) {
        $request->session()->put('my_name', 'test name');
        echo "Data has been added to session";
    }
    public function deleteSessionData(Request $request) {
        $request->session()->forget('my_name');
        echo "Data has been removed from session.";
    }
}
Settings of sessions
You can change the session settings in Laravel by updating config/session.php:

- where session data is stored (a file or a database)

- how long session variables are kept
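The settings the slide refers to, as an added example that is not part of the deck, in the form they take in config/session.php. The chosen values (database driver, 30-minute lifetime) are assumptions for illustration; the keys are Laravel's own.

```php
<?php
// Added example (not from the deck): config/session.php excerpt with the
// storage and lifetime settings, plus the session cookie's transport flags.
return [
    // Where session data lives: file, cookie, database, redis, memcached, ...
    'driver' => env('SESSION_DRIVER', 'database'),

    // Minutes of inactivity before the session expires (assumed value);
    // expire_on_close additionally drops it when the browser is closed.
    'lifetime' => env('SESSION_LIFETIME', 30),
    'expire_on_close' => true,

    // Encrypt the serialized session data before it is written to storage.
    'encrypt' => true,

    // Used by the database driver; create the table with: php artisan session:table
    'connection' => env('SESSION_CONNECTION', null),
    'table' => 'sessions',

    // Session cookie flags: HTTPS only, hidden from JavaScript, not sent
    // on cross-site POSTs.
    'cookie' => env('SESSION_COOKIE', 'laravel_session'),
    'secure' => env('SESSION_SECURE_COOKIE', true),
    'http_only' => true,
    'same_site' => 'lax',
];
```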
Thank you!
Laravel - AJAX
- How to write an AJAX-based application in Laravel?
- Router (/getmsg, /)
- Controller (AjaxController@index)
- View (message.blade.php)
message.blade.php
<html>
<head>
    <title>Ajax Example</title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
    <script>
    function getMessage() {
        $.ajax({
            type: 'POST',
            url: '/getmsg',
            // the CSRF token must accompany every POST or VerifyCsrfToken rejects it
            data: { _token: '<?php echo csrf_token() ?>' },
            success: function(data) {
                $("#msg").html(data.msg);
            }
        });
    }
    </script>
</head>
<body>
    <div id='msg'>This message will be replaced using Ajax. Click the button to replace the message.</div>
    <?php
    // Form::button comes from the laravelcollective/html package
    echo Form::button('Replace Message', ['onClick' => 'getMessage()']);
    ?>
</body>
</html>
Ajax Controller
<?php
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

class AjaxController extends Controller {
    public function index() {
        $msg = "This is a simple message.";
        return response()->json(array('msg' => $msg), 200);
    }
}
AJAX Application router
Route::get('ajax', function() {
    return view('message');
});
Route::post('/getmsg', 'AjaxController@index');
Thank you!