Security Tips
Security Tip: Validate Config at Boot
[Tip #126] Rather than checking for essential config when it's used, throw the checks in your Service Provider - you'll know about configuration failures before your users get a weird error.
Security Tips
[Tip #112] It may seem like a harmless debugging tool, with a bunch of boring config values and version numbers, but phpinfo() is a goldmine of sensitive data - even when it's "protected" in an admin account! 😈
Security Tips
[Tip #109] I get asked this all the time, so it's time to set the record straight: there is nothing insecure about storing your credentials in a .env, as long as you keep your .env protected!
In Depth
[In Depth #28] Continuing our Laravel Security Audit and Penetration Test, we're looking into configs and dependencies, and following threads to discover 4 CRITICAL vulnerabilities!
Security Tips
[Tip #79] It may be tempting to reach for env() outside your config files, but you may be introducing subtle bugs, or exposing your app to compromise...
In Depth
[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.
Security Tips
[Tip#62] Search engines like to snoop on all of your files, so be careful what you leave lying around.
Security Tips
[Tip#59] It may seem obvious, but you'd be surprised just how often I come across websites where debug mode is enabled!
In Depth
[InDepth#17] Let's dive deep into the wonderful world of storing environment variables safely, looking at the different options Laravel supports and some "industry best practices".
Security Tips
[Tip#34] Laravel features the ability to encrypt environment files... but do you need to use it?
Security Tips
[Tip #3] Laravel's config files are great, but don't forget to put sensitive values (i.e. secrets, passwords, tokens, etc) in your .env file!