
Security Best Practices
CSRF protection, XSS prevention, SQL injection, mass assignment, authentication security, encryption, hashing, rate limiting
1. What is CSRF protection in Laravel?
Answer
CSRF (Cross-Site Request Forgery) protection prevents forged cross-site requests by validating a unique token tied to each session. Laravel automatically generates this token and verifies it on all POST, PUT, PATCH, and DELETE requests. API routes are exempt because they typically use stateless, token-based authentication.
2. How does Laravel prevent XSS attacks by default?
Answer
Laravel automatically escapes every variable rendered with the Blade syntax {{ $variable }}. The escaping converts special HTML characters to entities, so injected script cannot execute. To output raw HTML, you must explicitly use {!! $variable !!}, which forces developers to make a conscious choice.
3. What is the role of the $fillable property in an Eloquent model?
Answer
The $fillable property defines the whitelist of attributes that may be mass-assigned via create() or update(). This protects against mass assignment attacks, in which a malicious user could modify sensitive fields such as is_admin or role_id. The alternative is $guarded, which defines a blacklist of protected fields.
Which method should be used to hash a password in Laravel?
How does Laravel protect against SQL injections?
+19 interview questions