Categories
Development LaraSec Security

Should You Block Compromised Passwords?

This is the thirteenth security tip from Laravel Security in Depth.Subscribe to receive weekly security tips and monthly In Depth emails covering Laravel Security topics. Passwords are the digital keys that keep user accounts safe, but passwords only work when they are secret and unguessable. The classic “fix” is to impose password complexity rules, but […]

Categories
Development LaraSec Security

Always Pass User Input Through a Validator

This is the seventh security tip from Laravel Security in Depth, which was sent out on November 9th. You can subscribe to receive more tips and monthly In Depth emails covering of Laravel Security. Don’t trust user input. Don’t trust user input. And one more for good measure… Don’t trust user input. You should always […]

Categories
Development LaraSec Security

Why Parameterised Queries Are Important

This is the fourth security tip from my Laravel Security in Depth newsletter, sent out to all subscribers on October 8th. Please subscribe if you’d like these tips delivered weekly. Laravel provides an expressive fluent interface for building database queries, either as raw queries through the query builder or as part of Eloquent (Laravel’s Object-Relational Mapper, ORM). The query builder allows […]

Categories
Development Security

Using a Custom Key for Encrypted Cast Model Attributes in Laravel

This is the first security tip from my Laravel Security in Depth newsletter, sent out on Monday to all subscribers. Please sign up if you’d like these tips delivered weekly. Laravel allows you to cast model attributes as encrypted strings, when stored in the database. This gives you added security for any values that are […]

Categories
Security

Introducing Laravel Security in Depth

I started Laravel Security in Depth as a way to share my security knowledge with the Laravel community, and have a lot of fun doing so. My goal is to provide a community for everyone, regardless of their skill level and prior experience in security, where you can learn new things and ask questions, and learn to […]

Categories
Development Tutorials

Getting Started with PHPUnit in Laravel

Note: I originally wrote and published this article as a Semaphore CI Community Tutorial. Introduction PHPUnit is one of the oldest and most well known unit testing packages for PHP. It is primarily designed for unit testing, which means testing your code in the smallest components possible, but it is also incredibly flexible and can […]

Categories
Development

Using Laravel 5 Middleware for Parameter Persistence

I am lucky enough to get to work on a large Laravel 5 full time in my day job, with some awesome developers.I recently came up with what is, in my humble opinion, an elegant and simple solution for what we all initiallythought was quite a complex problem. If you’ve used this trick before,or know […]

Categories
Development

php artisan serve for Laravel 5

Important: In an entertaining example of poor timing, Taylor Otwell added the serve command back into the framework shortly after I published this. There is now no need to use this package. Users of Laravel 4 will remember that it came with a fantastic little command:

Categories
Development

Laravel 4 Down Safe

Laravel is a fantastic PHP Framework that does most of the complex, and boring, application framework tasks for you, so you can focus on the application itself. One of the components it provides is a full Queue Worker system to make it very easy to add jobs into a queue and process them in the […]

Categories
Development

Sorting eager loaded records in Laravel's Eloquent.

Eloquent, which is Laravel’s ORM, has some really nice features. One of which is the [Eager Loading][eager]functionality that allows you to request all of the related records in one hit, to avoid having to makemultiple database calls for each iteration of a loop. Let’s look at a simple example which returns the latest 10 blog […]