Laravel provides advanced security for you in many ways, and using Laravel's security features we can make our project very secure. Laravel provides many security mechanisms such as CSRF tokens, auth, hashing algorithms, etc. Here we discuss some of the points that Laravel provides for security.
1) Eloquent ORM
- ORM stands for object-relational mapping.
- Every table in the database has its own model.
- We have to follow its syntax to query the database.
- It also provides reusability of code.
- Using Eloquent ORM we can prevent SQL injection.
2) Storing Passwords
- Laravel does not store passwords in the database as plain text.
- Its Hash class provides the algorithm for storing passwords.
- It secures passwords using Bcrypt hashing.
- A Bcrypt hash is one-way, so if someone tries to decrypt the stored password, it is not possible.
- It has a simple syntax.
Eg: For hashing a password using Bcrypt
$pass = Hash::make('your_password');
For verifying
if (Hash::check('your_password', $hashed_password)) {
    // Password matched
} else {
    // Not matched
}
For checking if a password needs to be rehashed
if (Hash::needsRehash($hashed_password)) {
    $hashed_password = Hash::make('your_password');
}
3) CSRF Token
- CSRF stands for cross-site request forgery.
- It always generates a new and unique token on every page load, page refresh, multi-tabbing and back button.
- Using a unique CSRF token per request adds security to the application.
For example, if a cookie hijacking happens, a unique token prevents the application from being completely hijacked.
Syntax
Eg. To add the CSRF token to a form
<input type="hidden" name="_token" value="{{ csrf_token() }}">
For verifying the token when the form is submitted
Route::post('register', array('before' => 'csrf', function()
{
    return 'CSRF token Valid!';
}));
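Sections 1 to 3 combined in a single login route, as an added example that is not part of the original article. It assumes a `User` Eloquent model with `email` and `password` columns, form fields named `email` and `password`, and `login` and `profile` routes; all of these names are illustrative.

```php
<?php
// Added example in Laravel 4 style, matching the Route/filter syntax used on
// this page. The User model, the field names and the route names are assumptions.

Route::post('login', array('before' => 'csrf', function()
{
    $email    = Input::get('email');
    $password = Input::get('password');

    // Eloquent passes $email to the database as a bound parameter,
    // so user input is never concatenated into the SQL string.
    $user = User::where('email', '=', $email)->first();

    // Return the same generic message for "no such user" and
    // "wrong password" so the response does not reveal which accounts exist.
    if ( ! $user || ! Hash::check($password, $user->password)) {
        return Redirect::to('login')->with('error', 'Invalid credentials.');
    }

    // The plain-text password is only available at this point, right after
    // a successful check, so this is where an outdated hash gets upgraded
    // (for example after the Bcrypt work factor has been raised).
    if (Hash::needsRehash($user->password)) {
        $user->password = Hash::make($password);
        $user->save();
    }

    Auth::login($user);

    return Redirect::intended('profile');
}));
```

The rehash step sits after `Hash::check` on purpose: rehashing a value that has not been verified first would overwrite the stored hash with whatever the client submitted.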
4) Encryption
- It has facilities for strong AES encryption via the mcrypt PHP extension.
Syntax
Eg.
Encrypting A Value
$encrypted = Crypt::encrypt('YOUR_VALUE');
Decrypting A Value
$decrypted = Crypt::decrypt($encrypted);
5) Protecting Routes
- Route filters are used so that only authenticated users get access to a particular route.
- Laravel provides a default auth filter.
- The default auth filter is defined in app/filters.php.
Syntax
Eg.
Protecting A Route
Route::get('profile', array('before' => 'auth', function()
{
// Only authenticated users may enter...
}));
