This is the tenth security tip from Laravel Security in Depth.
When committing changes to version control, always selectively stage your changes before committing. This lets you manually review every line of code you commit, to ensure no secrets or debug code are added.
This is super easy in Git:
git add -p
You can also selectively stage specific files:
git add -p <file>
I’ve even taken it a step further with some Git aliases:
git addp => git add -p
git addc => git add -p && git commit -v
git acp => git add -p && git commit -v && git push
Sometimes the changes are massive and take time to review, but if you’ve ever accidentally pushed debug code onto production (like Stack Overflow did with alert(false);), you’ll appreciate the time saved cleaning up that mess!
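An automated pass can back up the manual review described above. The shell function below is an added example, not part of the original tip: it reads a unified diff (for instance from git diff --cached) and reports added lines that contain debug calls or .env-style secrets with a value. The function name, the patterns and the sample diff are assumptions constructed for illustration.

```bash
# Added example. The patterns are illustrative assumptions, not a complete
# list: PHP/JS debug calls and .env-style secrets that carry a value.
# Reads a unified diff on stdin, prints "file:line: text" for each added line
# that matches, and returns 1 if anything was found (0 otherwise).
scan_added_lines() {
  awk '
    BEGIN {
      debug  = "[^A-Za-z0-9_](dd|dump|var_dump|print_r|alert)[ \t]*\\(|console\\.log[ \t]*\\("
      secret = "^[A-Z0-9_]*(KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*=[^ \t]"
    }
    /^diff --git /      { inhdr = 1; next }
    inhdr && /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
    /^@@ /              { inhdr = 0                      # "@@ -a,b +c,d @@"
                          split($3, pos, ","); line = substr(pos[1], 2) - 1; next }
    inhdr               { next }                         # index, mode and --- lines
    /^\+/               { line++; text = substr($0, 2)
                          if ((" " text) ~ debug || text ~ secret) {
                            printf "%s:%d: %s\n", file, line, text; found = 1 }
                          next }
    /^ /                { line++ }                       # context advances new side
    END                 { exit (found ? 1 : 0) }
  '
}

# Constructed sample diff (not from a real repository).
sample_diff() {
  cat <<'EOF'
diff --git a/app/OrderController.php b/app/OrderController.php
--- a/app/OrderController.php
+++ b/app/OrderController.php
@@ -11,2 +11,4 @@ class OrderController
     {
+        dd($order);
+        $order->items->add($extra);
         return view('orders.show', compact('order'));
diff --git a/.env.example b/.env.example
--- a/.env.example
+++ b/.env.example
@@ -3,2 +3,3 @@
 APP_ENV=local
-APP_KEY=
+APP_KEY=base64:EXAMPLE-CONSTRUCTED-VALUE
+DB_PASSWORD=
EOF
}

# In a repository: git diff --cached | scan_added_lines
```

On the sample diff it flags the dd() call and the populated APP_KEY, and leaves the add() call and the empty DB_PASSWORD alone.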