Laravel provides a number of security features out of the box, and using them correctly covers the most common classes of web application vulnerability. The framework ships with CSRF protection, an authentication system, password hashing, symmetric encryption and a query builder that binds parameters. This post walks through the main ones.
1) Eloquent ORM
- Eloquent is Laravel's object-relational mapper (ORM): it maps database tables to PHP objects.
- Every table in the database gets its own model class.
- Queries are written through Eloquent's fluent API instead of hand-written SQL.
- Models encapsulate the query logic, so it is written once and reused.
- Eloquent and the underlying query builder send values to the database as PDO bound parameters rather than interpolating them into the SQL string, and that binding is what prevents SQL injection. It only covers values: raw fragments passed through DB::raw(), whereRaw() and similar, and user-controlled column or table names, are not bound and must be validated separately.
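The difference between interpolating a value and binding it, as an added example (not code from the original post). It assumes a Laravel 4 application with a User model over a `users` table that has `email`, `name` and `created_at` columns; the whitelist of sortable columns is an illustrative choice.

```php
<?php
// Added example: the same lookup written several ways. $email is the
// untrusted value taken from the request.

$email = Input::get('email');   // attacker-controlled, e.g. "x' OR '1'='1"

// VULNERABLE: string interpolation. The quote in the input closes the SQL
// literal and the rest of the payload is parsed as SQL.
$rows = DB::select("select * from users where email = '$email'");

// SAFE: query builder. The value travels as a PDO bound parameter, so the
// database never parses it as SQL, whatever characters it contains.
$user = DB::table('users')->where('email', '=', $email)->first();

// SAFE: Eloquent model. Same binding underneath.
$user = User::where('email', $email)->first();

// SAFE even when raw SQL is unavoidable: keep the value in the bindings array
// and leave only a ? placeholder in the SQL string.
$rows = DB::select('select * from users where email = ?', array($email));
$user = DB::table('users')
    ->whereRaw('lower(email) = lower(?)', array($email))
    ->first();

// Binding protects values, not identifiers. A column name taken from the
// request cannot be bound, so it is checked against a whitelist instead.
$sort = Input::get('sort', 'created_at');
$allowed = array('created_at', 'name', 'email');
if (! in_array($sort, $allowed, true)) {
    App::abort(400, 'Invalid sort column');
}
$users = DB::table('users')->orderBy($sort)->get();
```

The rule of thumb: anything that ends up in the bindings array is safe; anything that ends up in the SQL string itself (raw expressions, column names, ORDER BY direction) must be validated against a fixed set of values.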
2) Storing Passwords
- Laravel never stores passwords in the database as plain text.
- Its Hash facade wraps the algorithm used to hash them before storage.
- Passwords are hashed with Bcrypt, which is deliberately slow and generates a fresh random salt for every hash, so two users with the same password end up with different hashes.
- Bcrypt is a one-way function: there is no decryption step. The only way to recover a password is to guess candidates and compare hashes, and the work factor makes every guess expensive.
- The API is small: make(), check() and needsRehash().
Eg: Hashing a password with Bcrypt
$hashed_password = Hash::make('your_password');
Verifying a submitted password against the stored hash
if (Hash::check('your_password', $hashed_password)) {
    // Password matched
} else {
    // Not matched
}
Checking whether a stored hash needs to be rehashed (for example after the Bcrypt work factor was raised)
if (Hash::needsRehash($hashed_password)) {
    $hashed_password = Hash::make('your_password');
}
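The three calls combined into a login check that also upgrades old hashes, as an added example (not code from the original post). It assumes a Laravel 4 application with a User model that has `email` and `password` columns; the `rounds` option and the cost of 12 are illustrative choices, and `attemptLogin()` is a hypothetical helper.

```php
<?php
// Added example: verify a password and transparently upgrade the stored hash.
// Assumes a Laravel 4 app with a User model (email, password columns).

// The bcrypt cost this application wants. Passing the same options to make()
// and needsRehash() is what makes the rehash check meaningful.
$hashOptions = array('rounds' => 12);

function attemptLogin($email, $password, array $hashOptions)
{
    $user = User::where('email', $email)->first();

    // Hash::check is the only correct comparison: it re-derives bcrypt with
    // the salt embedded in the stored hash. Never compare hashes with ==.
    if (is_null($user) || ! Hash::check($password, $user->password)) {
        return false;
    }

    // The plaintext is only available here, at login time, so this is the
    // one place a hash made with a lower cost factor can be upgraded without
    // forcing the user through a password reset.
    if (Hash::needsRehash($user->password, $hashOptions)) {
        $user->password = Hash::make($password, $hashOptions);
        $user->save();
    }

    Auth::login($user);
    return true;
}

// Usage inside a login route or controller action:
if (attemptLogin(Input::get('email'), Input::get('password'), $hashOptions)) {
    return Redirect::intended('/');
}
return Redirect::back()->withErrors(array('login' => 'Invalid credentials'));
```

Note that the failure branch returns the same generic message whether the e-mail was unknown or the password was wrong, so the login form does not confirm which accounts exist.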
3) CSRF Token
- CSRF stands for cross-site request forgery: a malicious page makes the victim's browser send a state-changing request to your application, and the browser attaches the victim's session cookie automatically.
- Laravel generates a random token and stores it in the user's session; csrf_token() returns that session token so it can be embedded in every form.
- Because the token lives in the session and in the page body rather than only in the cookie, a third-party page cannot read it. A forged cross-site request therefore arrives without a valid token and is rejected by the csrf filter.
- The token defends against forged requests sent through the victim's browser. It does not help once the attacker has stolen the session cookie itself; that is a session hijacking problem, addressed by HTTPS, HttpOnly cookies and session expiry.
Syntax
Eg. Adding the CSRF token to a form (as a hidden field named _token, which is what the filter reads):
<input type="hidden" name="_token" value="{{ csrf_token() }}">
Verifying the token when the form is submitted: attach the csrf filter to the route that handles the POST.
Route::post('register', array('before' => 'csrf', function()
{
return 'CSRF token Valid!';
}));
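What the csrf filter looks like and how to apply it across all state-changing routes, as an added example (not code from the original post). It is written in the style of a Laravel 4 app/filters.php and routes.php; the `X-CSRF-Token` header name for AJAX clients is a convention chosen here, and hash_equals() requires PHP 5.6 or later.

```php
<?php
// Added example: a hardened CSRF filter and a route group that uses it.
// Assumes a Laravel 4 app; the header name and hash_equals() are assumptions.

Route::filter('csrf', function()
{
    // Accept the token from the form field or, for AJAX clients, a header.
    $token = Input::get('_token', Request::header('X-CSRF-Token'));

    // Compare in constant time so the comparison itself leaks nothing about
    // the session token. A loose != comparison is the weaker form of this
    // check and also accepts an empty string against a missing token.
    if (! is_string($token) || ! hash_equals(Session::token(), $token))
    {
        throw new Illuminate\Session\TokenMismatchException;
    }
});

// Group every route that changes state behind the filter. GET routes stay
// outside: they must be side-effect free, so a forged GET gains nothing.
Route::group(array('before' => 'csrf'), function()
{
    Route::post('register', function()
    {
        return 'CSRF token valid!';
    });

    Route::post('profile', function()
    {
        // ... update the authenticated user's profile
    });

    Route::delete('posts/{id}', function($id)
    {
        // ... delete a post
    });
});
```

Grouping is preferable to adding `'before' => 'csrf'` to each route by hand: a route that is forgotten is a route that is unprotected.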
4) Encryption
- Laravel's Crypt facade provides authenticated symmetric encryption. Laravel 4 implemented it with AES through the mcrypt PHP extension; mcrypt was later deprecated and removed from PHP, and current Laravel versions use OpenSSL (AES-256-CBC) instead. The API is the same either way.
- Every ciphertext carries a MAC, so a payload that has been tampered with, or was encrypted under a different key, is rejected on decrypt with a DecryptException rather than producing garbage.
- The key is the app.key value in the application config (generated with php artisan key:generate). Anyone holding it can decrypt every stored value, so keep it out of version control and rotate it if it leaks.
- Use Crypt for data you need to read back later (API tokens, secrets stored at rest). Passwords are hashed, never encrypted.
Syntax
Eg.
Encrypting A Value
$encrypted = Crypt::encrypt('YOUR_VALUE');
Decrypting A Value
$decrypted = Crypt::decrypt($encrypted);
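Encrypting a value at rest and seeing the MAC reject a tampered payload, as an added example (not code from the original post). It assumes a Laravel 4 application, where the exception class is Illuminate\Encryption\DecryptException, and a User model with an `api_token` column; `storeApiToken()` and `loadApiToken()` are hypothetical helpers and the token string is a constructed value.

```php
<?php
// Added example: Crypt for data that must be readable again, plus a
// tampering check. Assumes Laravel 4 (Illuminate\Encryption\DecryptException).

use Illuminate\Encryption\DecryptException;

function storeApiToken(User $user, $plaintextToken)
{
    // Encrypt only the sensitive column. The ciphertext is base64 text and
    // is longer than the plaintext, so size the column accordingly.
    $user->api_token = Crypt::encrypt($plaintextToken);
    $user->save();
}

function loadApiToken(User $user)
{
    try {
        return Crypt::decrypt($user->api_token);
    } catch (DecryptException $e) {
        // Wrong app.key, a corrupted row, or someone edited the ciphertext.
        // Treat the value as missing rather than trusting a partial result.
        Log::warning('api_token for user '.$user->id.' failed decryption');
        return null;
    }
}

// Tampering demonstration with a constructed value.
$encrypted = Crypt::encrypt('sk_live_constructed_example_token');

// Change one character in the middle of the payload. Even a single-bit
// change invalidates the MAC, so decrypt() throws instead of returning a
// near-miss plaintext.
$tampered = $encrypted;
$pos = (int) (strlen($tampered) / 2);
$tampered[$pos] = ($tampered[$pos] === 'A') ? 'B' : 'A';

try {
    Crypt::decrypt($tampered);
    echo "unexpected: tampered payload decrypted\n";
} catch (DecryptException $e) {
    echo "tampered payload rejected: ".$e->getMessage()."\n";
}
```

The catch block is the important part: an application that lets DecryptException propagate as a 500 error, or that ignores it and carries on with an empty value, has turned an integrity check into a denial of service or a silent failure.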
5) Protecting Routes
- Route filters run before a route's handler and can refuse the request; the auth filter lets only authenticated users reach the route.
- Laravel ships this auth filter by default.
- In Laravel 4 it is defined in app/filters.php, where it redirects guests to the login page with Redirect::guest('login') and lets logged-in users through.
Syntax
Eg.
Protecting A Route
Route::get('profile', array('before' => 'auth', function()
{
// Only authenticated users may enter...
}));
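The auth filter proves only that someone is logged in; it says nothing about what that user may touch. The following added example (not code from the original post) shows app/filters.php-style definitions for a Laravel 4 app that layer authorization on top of it. It assumes a User model with an `is_admin` column, a Profile model with a `user_id` column, and the `admin` and `owns-profile` filter names are chosen here.

```php
<?php
// Added example: authentication (auth) versus authorization (admin,
// owns-profile) filters in a Laravel 4 app. Model and column names assumed.

// The stock auth filter: guests are redirected to login, and the intended
// URL is remembered so Redirect::intended() can send them back afterwards.
Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::guest('login');
});

// Authorization, not authentication: being logged in is not enough to
// reach admin pages.
Route::filter('admin', function()
{
    if (Auth::guest() || ! Auth::user()->is_admin) App::abort(403);
});

// Object-level check: a logged-in user may only edit their own profile.
// Without it, /profile/{id}/edit is an insecure direct object reference:
// any user could edit any profile just by changing the id.
Route::filter('owns-profile', function($route, $request)
{
    $profile = Profile::find($route->getParameter('id'));
    if (is_null($profile)) App::abort(404);
    if ((int) $profile->user_id !== (int) Auth::id()) App::abort(403);
});

Route::get('profile', array('before' => 'auth', function()
{
    // Only authenticated users may enter...
}));

// Filters run left to right; auth goes first so the later ones can rely on
// Auth::user() being set.
Route::get('profile/{id}/edit', array('before' => 'auth|owns-profile', function($id)
{
    // Only the owner of profile {id} gets here
}));

Route::group(array('before' => 'auth|admin', 'prefix' => 'admin'), function()
{
    Route::get('users', function()
    {
        // Admin-only listing
    });
});
```

Putting the ownership check in a filter rather than inside each handler keeps it from being forgotten on one of several routes that operate on the same resource.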
About Author
Tarun Bansal - Technical Head
Tarun is a technology enthusiast with a flair for solving complex challenges. His technical expertise and deep knowledge of emerging trends have made him a go-to person for strategic tech initiatives. Passionate about innovation, Tarun continuously explores new ways to drive efficiency and performance in every project he undertakes.