Security Tips
Security Tip: Privilege Escalation Through Domain Wildcards!
[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins, however this also makes it trivial to escalate privileges to admin!
Security Tips
[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins, however this also makes it trivial to escalate privileges to admin!
Security Tips
[Tip #79] It may be tempting to reach for env() outside your config files, but you may be introducing subtle bugs, or exposing your app to compromise...
Security Tips
Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute is a very long time. To solve this, Laravel 11 supports per-second!
Security Tips
[Tip #77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there too!
Security Tips
[Tip #76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and changing bcrypt rounds.
In Depth
[In Depth #25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how Laravel 11 handles it...
Security Tips
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on the controller - here's how you get it back.
Security Tips
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Security Tips
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware of too!
In Depth
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
Security Tips
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form, it can provide attackers with crucial intel!
Security Tips
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget our tools like Composer also need updates too!