Laravel

Security Best Practices

CSRF protection, XSS prevention, SQL injection, mass assignment, authentication security, encryption, hashing, rate limiting

22 interview questions · Senior
1

What is CSRF protection in Laravel?

Answer

CSRF (Cross-Site Request Forgery) protection prevents cross-site request attacks by validating a unique token tied to each session. Laravel generates this token automatically and verifies it on every POST, PUT, PATCH, and DELETE request handled by the web middleware group. API routes are exempted because they typically use stateless token-based authentication rather than session cookies.

2

How does Laravel prevent XSS attacks by default?

Answer

Laravel automatically escapes every variable rendered through the Blade syntax {{ $variable }}. This escaping converts special HTML characters into entities, so injected markup is displayed as text rather than executed as script. To output raw HTML you must explicitly use {!! $variable !!}, which forces developers to make a conscious choice whenever they bypass escaping.

3

What is the role of the $fillable property in an Eloquent model?

Answer

The $fillable property defines the whitelist of attributes that may be mass-assigned via create() or update(). This protects against mass assignment attacks, where a malicious user adds unexpected fields to a request in order to modify sensitive columns such as is_admin or role_id. The alternative is the $guarded property, which defines a blacklist of fields that must never be mass-assigned.

4

Which method should be used to hash a password in Laravel?

5

How does Laravel protect against SQL injections?

+19 interview questions
