Security Tip: Sensitive Model Attributes
I hope you found last week’s In Depth email interesting (Escaping Output Safely), and had some fun with the XSS demo. If you’re interested, I wrote a Twitter thread covering how I built the intentionally vulnerable demo app, to go along with my previous thread about securing the hosting for it.
Securing Sensitive Model Attributes
The risk here is simple: if you store sensitive data on your models and then send those models to the browser, whether by returning one from a route (Laravel serialises it to JSON) or by passing one into a view's JavaScript, every attribute travels with it, and anyone who opens the developer tools or views the response can read it.
We're talking about password hashes, dates of birth, API keys, secret messages, staff comments, etc. The list goes on and on... Basically anything that the person making the request shouldn't have access to.
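To make the leak concrete, here is an added example (my own, not code from the original post) of a Laravel Eloquent model that carries exactly this kind of data, the serialisation path that exposes it, and the two standard controls against it: the model's `$hidden` denylist and an API Resource that allowlists fields. It assumes a stock Laravel application with the default `users` table plus two hypothetical columns, `api_token` and `staff_notes`, added for illustration.

```php
<?php
// Added example, not from the original post. Assumes a standard Laravel app
// (10.x or later) whose users table also has the hypothetical columns
// api_token and staff_notes.

// --- app/Models/User.php ---------------------------------------------------

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    protected $fillable = ['name', 'email', 'password', 'date_of_birth'];

    // Everything listed here is dropped by toArray()/toJson(). That is the path
    // used when a route does `return $user;`, when a model is json_encode()d,
    // and when Blade's @json / Js::from() hand the model to page JavaScript.
    // Without this list, the password hash and tokens go straight to the browser.
    protected $hidden = [
        'password',
        'remember_token',
        'api_token',    // hypothetical column
        'staff_notes',  // hypothetical column
    ];

    // Alternative, stricter form: an allowlist. Only these attributes are ever
    // serialised, so a column added next year is not exposed by accident.
    // protected $visible = ['id', 'name', 'email'];

    protected $casts = [
        'password'      => 'hashed',
        'date_of_birth' => 'date',
    ];
}

// --- app/Http/Resources/PublicUserResource.php -----------------------------

use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;

// An API Resource states exactly what the response may contain. Prefer this
// for anything public: the model's $hidden list is a safety net, the resource
// is the contract.
class PublicUserResource extends JsonResource
{
    public function toArray(Request $request): array
    {
        return [
            'id'   => $this->id,
            'name' => $this->name,
        ];
    }
}

// --- routes/web.php --------------------------------------------------------

use Illuminate\Support\Facades\Route;

// Returns the model directly. With $hidden in place the JSON is
// {"id":1,"name":"...","email":"...","date_of_birth":"...",...}; with $hidden
// empty it would also carry "password":"$2y$12$..." and "api_token":"...".
Route::get('/users/{user}', function (User $user) {
    return $user;
});

// Same user, but only the fields the resource names. Adding a column to the
// table changes nothing here.
Route::get('/api/users/{user}', function (User $user) {
    return new PublicUserResource($user);
});

// Caveat to grep for in review: makeVisible() / setVisible() re-expose hidden
// attributes on that instance, and direct property access ($user->password)
// is never affected by $hidden, so a view that echoes the attribute still leaks it.
Route::get('/debug/users/{user}', function (User $user) {
    return $user->makeVisible(['api_token'])->toArray(); // api_token is back in the output
});
```

The `$hidden` list protects every serialisation path at once, which is why it belongs on the model rather than in individual controllers, but it only removes what you remembered to list. The resource inverts that default: a field reaches the client only if someone wrote it down, so a later migration cannot silently widen the response.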
The remainder of this post is available to Securing Laravel subscribers.