Laravel Security : 5 Major Features You Must Know

Laravel development provide advance security for you by many ways. Using laravel security we can make our project very secure.laravel provide many security constraint like csrf tokens,auth,hash algorithm etc.Here we discuss about some points that laravel provide for security.1)Eloquent ORM

• It is also known as object relational mapping.
• Every Table in database has its own model.
• We have to follow its syntax for query to database.
• It also provides reusability of code.
• Using Eloquent ORM we can prevent SQL Injection.

 

2)Storing Passwords

• Laravel does not store password in database as plain text.
• It’s HASH class provides algorithm for storing password.
• It secures password using Bcrypt hashing.
• If someone tries to decrypt the password then it is not possible.
• It has simple syntax.

Eg:For hashing password using Bcrypt

$pass = Hash:make('your_password');

For verifying

If 

(Hash:('your_password',$encrpted_password))

{

//Password matched

}

else

{

//not matched

}

 
For Checking If A Password Needs To Be Rehashed

if (Hash::needsRehash($encrpted_password))

{

$encrpted_password = Hash::make('your_password');

}

3)CSRF Token

• It stands for cross-site request forgeries.
• It always generate new and unique token on every page load, page refresh, multi tabbing, back button.
• Using a unique CSRF token per request adds a security to the application.

For example if a cookie hijacking happens, a unique token prevent the application from a complete hijacking.SyntaxEg.For add CSRF Token in to form.

{{ csrf_token()}}
 

For verifying token when submit

Route::post('register', array('before' => 'csrf', function()

{

return 'CSRF token Valid!';

}));

Related : Learn The Implementation of Invite Code in Laravel4)Encryption

• It has facilities for strong AES encryption via the mcrypt PHP extension.

Syntax
Eg.

Encrypting A Value
	$encrypted = Crypt::encrypt('YOUR_VALUE');
	
	Decrypting A Value
	$decrypted = Crypt::decrypt($encrypted);

5)Routes Protecting

• It is used for filter routes for authenticated users to get access to particular route.
• It provides default auth filter.
• Default auth filter is defined in app/filters.php.

SyntaxEg.

	Protecting A Route
	Route::get('profile', array('before' => 'auth', function()
	{
	 // Only authenticated users may enter...
	}));

Realted : How to Implement CDN in Laravel?