Security Tips
Security Tip: Laravel 11's Automatic Password Rehashing
[Tip #76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and changing bcrypt rounds.
Security Tips
Security Tip: Laravel 11's Controller Authorisation & Validation Methods
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on the controller - here's how you get it back.
Security Tips
Security Tip: Laravel 11's Middleware Configuration
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Security Tips
Security Tip: A Well-Known URL for Changing Passwords
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware of too!
Security Tips
Security Tip: Don't Forget Your Registration Form!
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form, it can provide attackers with crucial intel!
Security Tips
Security Tip: Keep Your Tools Updated!
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget our tools like Composer also need updates too!
Security Tips
Security Tip: Fix Your Leaky APIs!
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I Been Pwned's Troy Hunt...
Security Tips
Security Tip: Use a Supported Version of Laravel!
[Tip#69] Are you using the latest version of Laravel? If not, do you have an upgrade planned?
Security Tips
Security Tip: Use the Alpine.js CSP Build!
[Tip#68] If you use Alpine and a CSP on your app, you'll want to use the new CSP-friendly build to avoid needing `unsafe-eval` in your policies.
Security Tips
Security Tip: Don't Use nl2br()!
[Tip#67] As useful as it sounds, nl2br() can potentially leave you open to Cross-Site Scripting (XSS) vulnerabilities... you should reach for CSS instead!
Security Tips
Security Tip: Use HMAC Hashes To Verify Data
[Tip#66] For those situations where you need to generate a repeatable hash or signature, reach for HMAC, rather than MD5 or SHA1.
Security Tips
Security Tip: Do You Really Need a Hash for That?
[Tip#65] Before you reach for a hashing function, stop and think about what you're hashing and why you're hashing it...