Laravel

Security Best Practices

CSRF protection, XSS prevention, SQL injection, mass assignment, authentication security, encryption, hashing, rate limiting

22 питань зі співбесід·
Senior
1

What is CSRF protection in Laravel?

Відповідь

CSRF (Cross-Site Request Forgery) protection prevents cross-site request attacks by validating a unique token for each session. Laravel automatically generates this token and verifies it on all POST, PUT, PATCH, DELETE requests. API routes are exempted as they typically use stateless token-based authentication.

2

How does Laravel prevent XSS attacks by default?

Відповідь

Laravel automatically escapes all variables displayed via Blade syntax {{ $variable }}. This escaping converts special HTML characters to entities, preventing malicious script execution. To display raw HTML, you must explicitly use {!! $variable !!}, forcing developers to make a conscious choice.

3

What is the role of the $fillable property in an Eloquent model?

Відповідь

The $fillable property defines the whitelist of attributes that can be mass-assigned via create() or update(). This protects against mass assignment attacks where a malicious user could modify sensitive fields like is_admin or role_id. The alternative is $guarded which defines a blacklist of protected fields.

4

Which method should be used to hash a password in Laravel?

5

How does Laravel protect against SQL injections?

+19 питань зі співбесід

Інші теми співбесід Laravel

PHP Basics

Junior
25 запитань

PHP OOP Essentials

Junior
20 запитань

Composer & Autoloading

Junior
18 запитань

Laravel Fundamentals

Junior
20 запитань

Laravel Routing

Junior
20 запитань

Blade Templates

Junior
18 запитань

Request & Response

Junior
20 запитань

Eloquent ORM Basics

Junior
22 запитань

Eloquent Relationships

Mid-Level
25 запитань

Migrations & Schema Builder

Mid-Level
20 запитань

Validation & Forms

Mid-Level
22 запитань

Authentication

Mid-Level
20 запитань

Authorization & Policies

Mid-Level
18 запитань

API Resources & Authentication

Mid-Level
26 запитань

Middleware

Mid-Level
18 запитань

Service Container & DI

Mid-Level
20 запитань

Queues & Jobs

Mid-Level
22 запитань

Events & Listeners

Mid-Level
18 запитань

Notifications & Mail

Mid-Level
20 запитань

File Storage

Mid-Level
18 запитань

Testing & PHPUnit

Mid-Level
24 запитань

Caching

Mid-Level
18 запитань

Livewire & Inertia

Mid-Level
20 запитань

Eloquent Advanced

Senior
24 запитань

Repository Pattern

Senior
20 запитань

Laravel Packages

Senior
20 запитань

Performance Optimization

Senior
22 запитань

Laravel Octane

Senior
18 запитань

Laravel Distributed Systems

Senior
22 запитань

Observability & Monitoring

Senior
20 запитань

Deployment & DevOps

Senior
20 запитань

Опануй Laravel для наступної співбесіди

Отримай доступ до всіх питань, flashcards, технічних тестів, вправ code review та симуляторів співбесід.

Почни безкоштовно