Security Tips
Security Tip: Auto-Secure Cookies FTW! ๐
[Tip #92] One of my personal pet peeves in Laravel has finally been fixed! The Secure cookie attribute will now match the request protocol! ๐ (I'm excited, can you tell?)
Security Tips
Security Tip: Privilege Escalation Through Domain Wildcards!
[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins, however this also makes it trivial to escalate privileges to admin!
Security Tips
Security Tip: Only Use env() Within Config Files
[Tip #79] It may be tempting to reach for env() outside your config files, but you may be introducing subtle bugs, or exposing your app to compromise...
In Depth
In Depth: Securing Apps on Forge
[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.
Security Tips
Security Tip: Disable Debug Mode on World-accessible Apps
[Tip#59] It may seem obvious, you'd be surprised just how often I come across websites where debug mode is enabled!
Security Tips
Security Tip: Store Sensitive Config in .env!
[Tip #3] Laravel's config files are great, but don't forget to put sensitive values (i.e. secrets, passwords, tokens, etc) in your .env file!