Sayed Ahmed, profile picture
Uploaded bySayed Ahmed
PPTX, PDF383 views

Security in laravel

This document provides an overview of authentication and security configurations and functions in Laravel. It discusses setting an encryption key in the app.php file, authentication settings in the auth.php file, password hashing with the Hash class, authentication attempts with Auth, remembering logins with cookies, accessing the logged in user, logging out, and password resets using Laravel's built-in functionality. Functions like Hash, Auth, Crypt and Password are covered, along with creating authentication and password reset views.

Download to read offline
AUTHENTICATION AND SECURITY IN LARAVEL REFERENCE: HTTP://LARAVEL.COM/DOCS/SECURITY#CONFIGURATION Sayed Ahmed Computer Engineering, BUET, Bangladesh MSc., Computer Science, Canada http://sayed.justetc.net
AUTH AND SECURITY CONFIGURATIONS  One security setting can be found at  app/config/app.php  'key’ for encryption key, 256 bit AES  http://en.wikipedia.org/wiki/Advanced_Encryption_Sta ndard  Key should be used otherwise the encryption will not be strong  32 characters key
app/config/auth.php  Some authentication settings can be found at  app/config/auth.php  <?php  return array(  'driver' => 'eloquent‘,  ‘model' => 'User',  'table' => 'users',  'reminder' => array(  'email' => 'emails.auth.reminder',  'table' => 'password_reminders',  'expire' => 60,  ),  );
AUTH.PHP PARAMETERS  'driver’ : eloquent or database  ‘model’ : model used for authentication  'table’ : database table associated with this model  ‘'reminder’ : configuration for password reminder sending
OPTIONS FOR AUTHENTICATION IMPLEMENTATION  If you do not use Eloquent  Use database authentication driver  Use QueryBuilder  If you use Eloquent ORM  Use eloquent authentication driver  app/models has a model User  password field is a minimum of 60 characters  You will use ORM based data manipulation (retrieve, update)
FUNCTIONS THAT WILL FACILITATE AUTHENTICATION AND SECURITY  Just lightly check, for the most part, you will know what they mean  The Laravel Hash class provides secure Bcrypt hashing:  Hash::make('secret');  Hash::check('secret', $hashedPassword)  Hash::needsRehash($hashed)  Auth  Auth::attempt()  Auth::check()  Auth::viaRemember()  Auth::user()  Auth::loginUsingId(1)  Auth::validate($credentials)  Auth::once($credentials)
FUNCTIONS THAT WILL FACILITATE AUTHENTICATION AND SECURITY  Auth  Auth::login($user)  Auth::logout()  Crypt  Crypt::setMode('ctr')  Crypt::setCipher($cipher)  Crypt::decrypt($encryptedValue)  Crypt::encrypt('secret')  Password  Password::validator()
NOW, SETTING THE PASSWORD  Create a hash for the user provided password  $password = Hash::make('secret');  Hash the password and check it against the hash of the existing password  if (Hash::check('secret', $hashedPassword)) {  // The passwords match...  }
AUTHENTICATE  if ( !Auth::check() ) {  // The user is not logged in...  if (Auth::attempt(  array(  ‘db_field_for_username' => $user_provided_username, ‘db_field_for_password' => $password_in_the_login_form )) ) { return Redirect::intended('dashboard'); //closure }  }  Note: Auth:attempt() fires Auth:login on success
AUTHENTICATE WITH CONDITION  Condition: Id, password have to match  also the user has to be active  if (Auth::attempt(  array('email' => $email, 'password' => $password, 'active' => 1)))  {  // The user is active, not suspended, and exists.  }  Note: For added protection against session fixation, the user's session ID will automatically be regenerated after authenticating.
REMEMBERING LOGIN USING COOKIES  Remember user login status  if (Auth::attempt(  array('email' => $email, 'password' => $password), true)) {  // The user is being remembered...  }  Authentication at a later time if remembered  if (Auth::viaRemember()) {  //  }
MISC  Access the loggedin user  $email = Auth::user()->email;  Check user credentials without actually log him in  if (Auth::validate($credentials)) { // }  Logout  Auth::logout();
PASSWORD RESET AND REMINDERS  You can use Laravel built-in strategy  There will be password reminder form to initiate the request  Password reset link will be sent to email  Then password reset form will be there  You can use artisan commands to create the table, and the controller  The controller will have all the methods  You just need to write the reminder form and the reset form  Yes, in view files  You need to create the views as well  Must if you want to use this strategy:  Make sure User model implements theIlluminateAuthRemindersRemindableInterface  To Create the related stuff (DB table, controller)  php artisan auth:reminders  php artisan migrate  php artisan auth:reminders-controller
PASSWORD REMINDER FORM  The controller will have all the methods  You just need to create the view file and the form in it  password.remind  <form  action="{{ action('RemindersController@postReset') }}" method="POST">  <input type="email" name="email">  <input type="submit" value="Send Reminder">  </form>
PASSWORD RESET  <form  action="{{ action('RemindersController@postReset') }}" method="POST">  <input type="hidden" name="token" value="{{ $token }}">  <input type="email" name="email">  <input type="password" name="password">  <input type="password" name="password_confirmation">  <input type="submit" value="Reset Password">  </form>
REFERENCE  http://laravel.com/docs/security#configuration

More Related Content

PDF
Basics of JavaScript
byBala Narayanan
 
PDF
Data types in c++
byRushikeshGaikwad28
 
PDF
JUnit 5 - The Next Generation
byKostadin Golev
 
PDF
Managing I/O in c++
byPranali Chaudhari
 
PPTX
Overview of character encoding
byDuy Lâm
 
PPTX
What is an API?
byMuhammad Zuhdi
 
PPTX
HTML-5 New Input Types
byMinhas Kamal
 
PPTX
Operator overloading
byKumar
 
Basics of JavaScript
byBala Narayanan
 
Data types in c++
byRushikeshGaikwad28
 
JUnit 5 - The Next Generation
byKostadin Golev
 
Managing I/O in c++
byPranali Chaudhari
 
Overview of character encoding
byDuy Lâm
 
What is an API?
byMuhammad Zuhdi
 
HTML-5 New Input Types
byMinhas Kamal
 
Operator overloading
byKumar
 

What's hot

PPTX
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
byForgeRock
 
PDF
TypeScript: coding JavaScript without the pain
bySander Mak (@Sander_Mak)
 
PPTX
Loops PHP 04
bymohamedsaad24
 
PPT
Object-oriented concepts
byBG Java EE Course
 
PDF
Operators in PHP
byVineet Kumar Saini
 
PPTX
sSCOPE RESOLUTION OPERATOR.pptx
byNidhi Mehra
 
PPT
JavaScript Arrays
byReem Alattas
 
PPTX
C# Inheritance
byPrem Kumar Badri
 
PPTX
Web services SOAP
byprinceirfancivil
 
PPT
Operators in C++
bySachin Sharma
 
PPTX
Android Services
byAhsanul Karim
 
ODP
OAuth2 - Introduction
byKnoldus Inc.
 
PPTX
API Development with Laravel
byMichael Peacock
 
PPSX
C++ Programming Language
byMohamed Loey
 
PDF
Html text and formatting
byeShikshak
 
PPTX
This pointer
byKamal Acharya
 
PPTX
Php basics
byJamshid Hashimi
 
PPTX
9. ES6 | Let And Const | TypeScript | JavaScript
bypcnmtutorials
 
PPTX
Constructor and Types of Constructors
byDhrumil Panchal
 
PPTX
Coding standards for java
bymaheshm1206
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
byForgeRock
 
TypeScript: coding JavaScript without the pain
bySander Mak (@Sander_Mak)
 
Loops PHP 04
bymohamedsaad24
 
Object-oriented concepts
byBG Java EE Course
 
Operators in PHP
byVineet Kumar Saini
 
sSCOPE RESOLUTION OPERATOR.pptx
byNidhi Mehra
 
JavaScript Arrays
byReem Alattas
 
C# Inheritance
byPrem Kumar Badri
 
Web services SOAP
byprinceirfancivil
 
Operators in C++
bySachin Sharma
 
Android Services
byAhsanul Karim
 
OAuth2 - Introduction
byKnoldus Inc.
 
API Development with Laravel
byMichael Peacock
 
C++ Programming Language
byMohamed Loey
 
Html text and formatting
byeShikshak
 
This pointer
byKamal Acharya
 
Php basics
byJamshid Hashimi
 
9. ES6 | Let And Const | TypeScript | JavaScript
bypcnmtutorials
 
Constructor and Types of Constructors
byDhrumil Panchal
 
Coding standards for java
bymaheshm1206
 

Viewers also liked

PPTX
Laravel Beginners Tutorial 1
byVikas Chauhan
 
PPTX
Laravel - Website Development in Php Framework.
bySWAAM Tech
 
PPTX
Workshop Laravel 5.2
byWahyu Rismawan
 
PDF
Two factor authentication with Laravel and Google Authenticator
byAllan Denot
 
PPT
Laravel Starter Kit | Laravel Admin Template-ChandraAdmin
byLorvent56
 
PDF
Laravel 4 presentation
byAbu Saleh Muhammad Shaon
 
PPTX
Creating a gmail account
byMaritaShiels
 
PDF
Intro to Laravel PHP Framework
byBill Condo
 
PDF
All the Laravel Things – Up & Running to Making $$
byJoe Ferguson
 
PPTX
Laravel 5
byBrian Feaver
 
PDF
Knowing Laravel 5 : The most popular PHP framework
byBukhori Aqid
 
Laravel Beginners Tutorial 1
byVikas Chauhan
 
Laravel - Website Development in Php Framework.
bySWAAM Tech
 
Workshop Laravel 5.2
byWahyu Rismawan
 
Two factor authentication with Laravel and Google Authenticator
byAllan Denot
 
Laravel Starter Kit | Laravel Admin Template-ChandraAdmin
byLorvent56
 
Laravel 4 presentation
byAbu Saleh Muhammad Shaon
 
Creating a gmail account
byMaritaShiels
 
Intro to Laravel PHP Framework
byBill Condo
 
All the Laravel Things – Up & Running to Making $$
byJoe Ferguson
 
Laravel 5
byBrian Feaver
 
Knowing Laravel 5 : The most popular PHP framework
byBukhori Aqid
 

Similar to Security in laravel

PPTX
Laravel development (Laravel History, Environment Setup & Laravel Installatio...
byDilouar Hossain
 
KEY
Authentication
bysoon
 
PDF
How to implement multiple authentication guards in laravel 8
byKaty Slemon
 
PDF
Ch 6: Attacking Authentication
bySam Bowne
 
PDF
CNIT 129S: Ch 6: Attacking Authentication
bySam Bowne
 
PPTX
introduction to Laravel and its Basic and origin
byKarthik Rohan
 
PPTX
Laravel Security Standards
bySingsys Pte Ltd
 
PDF
How to learn Laravel5 application from Authentication
byMasashi Shinbara
 
PPTX
Laravelphpmiddleware
byDucat
 
PDF
Object Oriented Programming with Laravel - Session 4
byShahrzad Peyman
 
PDF
Laravel level 2 (Let's Practical)
byKriangkrai Chaonithi
 
PDF
Laravel Security_ Protecting Your Web Applications.pdf
byNevina Infotech
 
PDF
Intro to Laravel 4
bySingapore PHP User Group
 
PPTX
Laravel5 Introduction and essentials
byPramod Kadam
 
PDF
Java Web Programming [9/9] : Web Application Security
byIMC Institute
 
PDF
Session4-Authentication
byzakieh alizadeh
 
PPTX
Security fundamentals
byABDEL RAHMAN KARIM
 
PPTX
Web security for app developers
byPablo Gazmuri
 
PDF
Protecting Sensitive Data in Laravel: How To Securely Store Data?
byKretoss Technology
 
PDF
Laravel website security and performance optimization guide (pro tips to fine...
byKaty Slemon
 
Laravel development (Laravel History, Environment Setup & Laravel Installatio...
byDilouar Hossain
 
Authentication
bysoon
 
How to implement multiple authentication guards in laravel 8
byKaty Slemon
 
Ch 6: Attacking Authentication
bySam Bowne
 
CNIT 129S: Ch 6: Attacking Authentication
bySam Bowne
 
introduction to Laravel and its Basic and origin
byKarthik Rohan
 
Laravel Security Standards
bySingsys Pte Ltd
 
How to learn Laravel5 application from Authentication
byMasashi Shinbara
 
Laravelphpmiddleware
byDucat
 
Object Oriented Programming with Laravel - Session 4
byShahrzad Peyman
 
Laravel level 2 (Let's Practical)
byKriangkrai Chaonithi
 
Laravel Security_ Protecting Your Web Applications.pdf
byNevina Infotech
 
Intro to Laravel 4
bySingapore PHP User Group
 
Laravel5 Introduction and essentials
byPramod Kadam
 
Java Web Programming [9/9] : Web Application Security
byIMC Institute
 
Session4-Authentication
byzakieh alizadeh
 
Security fundamentals
byABDEL RAHMAN KARIM
 
Web security for app developers
byPablo Gazmuri
 
Protecting Sensitive Data in Laravel: How To Securely Store Data?
byKretoss Technology
 
Laravel website security and performance optimization guide (pro tips to fine...
byKaty Slemon
 

More from Sayed Ahmed

PPTX
Sap hana-ide-overview-nodev
bySayed Ahmed
 
PPT
Story telling and_narrative
bySayed Ahmed
 
PPTX
[not edited] Demo on mobile app development using ionic framework
bySayed Ahmed
 
PPTX
Python py charm anaconda jupyter installation and basic commands
bySayed Ahmed
 
PDF
Workplace, Data Analytics, and Ethics
bySayed Ahmed
 
PPTX
Whm and cpanel overview hosting control panel overview
bySayed Ahmed
 
PPTX
Will be an introduction to
bySayed Ahmed
 
PPTX
Symfony 2
bySayed Ahmed
 
PPTX
Unit tests in_symfony
bySayed Ahmed
 
PPTX
Web design and_html_part_3
bySayed Ahmed
 
PPTX
Web application development using zend framework
bySayed Ahmed
 
PPTX
Web design and_html
bySayed Ahmed
 
PPT
Unreal
bySayed Ahmed
 
PPTX
Virtualization
bySayed Ahmed
 
PPT
User interfaces
bySayed Ahmed
 
PPTX
Telerik this is sayed
bySayed Ahmed
 
PPTX
Visual studio ide shortcuts
bySayed Ahmed
 
PPTX
Web design and_html_part_2
bySayed Ahmed
 
PPTX
System analysis and_design
bySayed Ahmed
 
PPTX
Invest wisely
bySayed Ahmed
 
Sap hana-ide-overview-nodev
bySayed Ahmed
 
Story telling and_narrative
bySayed Ahmed
 
[not edited] Demo on mobile app development using ionic framework
bySayed Ahmed
 
Python py charm anaconda jupyter installation and basic commands
bySayed Ahmed
 
Workplace, Data Analytics, and Ethics
bySayed Ahmed
 
Whm and cpanel overview hosting control panel overview
bySayed Ahmed
 
Will be an introduction to
bySayed Ahmed
 
Symfony 2
bySayed Ahmed
 
Unit tests in_symfony
bySayed Ahmed
 
Web design and_html_part_3
bySayed Ahmed
 
Web application development using zend framework
bySayed Ahmed
 
Web design and_html
bySayed Ahmed
 
Unreal
bySayed Ahmed
 
Virtualization
bySayed Ahmed
 
User interfaces
bySayed Ahmed
 
Telerik this is sayed
bySayed Ahmed
 
Visual studio ide shortcuts
bySayed Ahmed
 
Web design and_html_part_2
bySayed Ahmed
 
System analysis and_design
bySayed Ahmed
 
Invest wisely
bySayed Ahmed
 

Recently uploaded

PDF
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
PDF
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
PPTX
UiPath Automation Suite_Community Session_3/3
bysuhanisingh58689
 
PDF
Dev Dives: Unlocking Enterprise Data with UiPath Data Fabric
byUiPathCommunity
 
PDF
Staying Ahead of the Curve - Roaming Just Got Easier
bypanagenda
 
PDF
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
PDF
Log-based anomaly detection using BiLSTM-Autoencoder
byMohammed BEKKOUCHE
 
PDF
Transform Your Online Store with AltiusNxt AI Enriched data
byAltiusNxt Technologies
 
PDF
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
PDF
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
PDF
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
PDF
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
PDF
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
byBookNet Canada
 
PDF
MicroPython presentation - PyConFr Lyon 2025 - Amine Bendahmane
byAmine Bendahmane
 
PDF
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
PDF
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
PDF
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
PDF
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
PDF
2025 AI Adoption Report: Gen AI Fast-Tracks Into the Enterprise
byRazin Mustafiz
 
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
PDF Security Intelligence Platform | Cybersecurity Project by Ashish Patil
byAshishPatil495087
 
UiPath Automation Suite_Community Session_3/3
bysuhanisingh58689
 
Dev Dives: Unlocking Enterprise Data with UiPath Data Fabric
byUiPathCommunity
 
Staying Ahead of the Curve - Roaming Just Got Easier
bypanagenda
 
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
Log-based anomaly detection using BiLSTM-Autoencoder
byMohammed BEKKOUCHE
 
Transform Your Online Store with AltiusNxt AI Enriched data
byAltiusNxt Technologies
 
GDG Boise - Innovating with Google Cloud Artificial Intelligence
byJoey Brown
 
The Future-Ready PMO: Unlocking Project Success with Copilot and AI Innovatio...
byWellingtone
 
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
Transcript: Ready, set, go: Pre-fall sales trends and data-driven insights - ...
byBookNet Canada
 
MicroPython presentation - PyConFr Lyon 2025 - Amine Bendahmane
byAmine Bendahmane
 
UiPath Community Day UNI - Nuevos productos de UiPath.pdf
byfelixluen
 
FME Realize in the Real World - The Power of Spatial Computing in Action
bySafe Software
 
Fighting CVEs in Embedded Linux with the Yocto Project and OTA Updates
byLeon Anavi
 
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
2025 AI Adoption Report: Gen AI Fast-Tracks Into the Enterprise
byRazin Mustafiz
 

Security in laravel

  • 1.
    AUTHENTICATION AND SECURITYIN LARAVEL REFERENCE: HTTP://LARAVEL.COM/DOCS/SECURITY#CONFIGURATION Sayed Ahmed Computer Engineering, BUET, Bangladesh MSc., Computer Science, Canada http://sayed.justetc.net
  • 2.
    AUTH AND SECURITYCONFIGURATIONS  One security setting can be found at  app/config/app.php  'key’ for encryption key, 256 bit AES  http://en.wikipedia.org/wiki/Advanced_Encryption_Sta ndard  Key should be used otherwise the encryption will not be strong  32 characters key
  • 3.
    app/config/auth.php  Some authenticationsettings can be found at  app/config/auth.php  <?php  return array(  'driver' => 'eloquent‘,  ‘model' => 'User',  'table' => 'users',  'reminder' => array(  'email' => 'emails.auth.reminder',  'table' => 'password_reminders',  'expire' => 60,  ),  );
  • 4.
    AUTH.PHP PARAMETERS  'driver’: eloquent or database  ‘model’ : model used for authentication  'table’ : database table associated with this model  ‘'reminder’ : configuration for password reminder sending
  • 5.
    OPTIONS FOR AUTHENTICATIONIMPLEMENTATION  If you do not use Eloquent  Use database authentication driver  Use QueryBuilder  If you use Eloquent ORM  Use eloquent authentication driver  app/models has a model User  password field is a minimum of 60 characters  You will use ORM based data manipulation (retrieve, update)
  • 6.
    FUNCTIONS THAT WILLFACILITATE AUTHENTICATION AND SECURITY  Just lightly check, for the most part, you will know what they mean  The Laravel Hash class provides secure Bcrypt hashing:  Hash::make('secret');  Hash::check('secret', $hashedPassword)  Hash::needsRehash($hashed)  Auth  Auth::attempt()  Auth::check()  Auth::viaRemember()  Auth::user()  Auth::loginUsingId(1)  Auth::validate($credentials)  Auth::once($credentials)
  • 7.
    FUNCTIONS THAT WILLFACILITATE AUTHENTICATION AND SECURITY  Auth  Auth::login($user)  Auth::logout()  Crypt  Crypt::setMode('ctr')  Crypt::setCipher($cipher)  Crypt::decrypt($encryptedValue)  Crypt::encrypt('secret')  Password  Password::validator()
  • 8.
    NOW, SETTING THEPASSWORD  Create a hash for the user provided password  $password = Hash::make('secret');  Hash the password and check it against the hash of the existing password  if (Hash::check('secret', $hashedPassword)) {  // The passwords match...  }
  • 9.
    AUTHENTICATE  if (!Auth::check() ) {  // The user is not logged in...  if (Auth::attempt(  array(  ‘db_field_for_username' => $user_provided_username, ‘db_field_for_password' => $password_in_the_login_form )) ) { return Redirect::intended('dashboard'); //closure }  }  Note: Auth:attempt() fires Auth:login on success
  • 10.
    AUTHENTICATE WITH CONDITION Condition: Id, password have to match  also the user has to be active  if (Auth::attempt(  array('email' => $email, 'password' => $password, 'active' => 1)))  {  // The user is active, not suspended, and exists.  }  Note: For added protection against session fixation, the user's session ID will automatically be regenerated after authenticating.
  • 11.
    REMEMBERING LOGIN USINGCOOKIES  Remember user login status  if (Auth::attempt(  array('email' => $email, 'password' => $password), true)) {  // The user is being remembered...  }  Authentication at a later time if remembered  if (Auth::viaRemember()) {  //  }
  • 12.
    MISC  Access theloggedin user  $email = Auth::user()->email;  Check user credentials without actually log him in  if (Auth::validate($credentials)) { // }  Logout  Auth::logout();
  • 13.
    PASSWORD RESET ANDREMINDERS  You can use Laravel built-in strategy  There will be password reminder form to initiate the request  Password reset link will be sent to email  Then password reset form will be there  You can use artisan commands to create the table, and the controller  The controller will have all the methods  You just need to write the reminder form and the reset form  Yes, in view files  You need to create the views as well  Must if you want to use this strategy:  Make sure User model implements theIlluminateAuthRemindersRemindableInterface  To Create the related stuff (DB table, controller)  php artisan auth:reminders  php artisan migrate  php artisan auth:reminders-controller
  • 14.
    PASSWORD REMINDER FORM The controller will have all the methods  You just need to create the view file and the form in it  password.remind  <form  action="{{ action('RemindersController@postReset') }}" method="POST">  <input type="email" name="email">  <input type="submit" value="Send Reminder">  </form>
  • 15.
    PASSWORD RESET  <form action="{{ action('RemindersController@postReset') }}" method="POST">  <input type="hidden" name="token" value="{{ $token }}">  <input type="email" name="email">  <input type="password" name="password">  <input type="password" name="password_confirmation">  <input type="submit" value="Reset Password">  </form>
  • 16.