Laravel mechanisms
Laravel is one of the most secure framework. But only Frameworks are not responsible to manage security for you, It depends on the developer who writes codes.
Laravel offers various mechanisms to secure a website. Some of are listed below:
- Encryption
- Storing Password
- Authenticating Users
- Cross-site request forgery (XSS)
- Avoiding SQL injection
- Protecting Routes
- HTTP Basic Authentication
Storing Passwords Laravel gives a class called “Hash” class. “Hash” provides secure Bcrypt hashing. The password can be hashed in the following way.$password = Hash::make('secret');
check(): Function make() will take a value as an argument and will return the hashed value. The hashed value can be checked using the check() function in the following way.Hash::check('secret', $hashedPassword
The above function will return the Boolean value. It will return the true value if password matched and vice-versa.
Authenticating Users
Laravel has made this task easier and to do this we can use Auth::attempt method in the following way.if (Auth::attempt(array('email' => $email, 'password' => $password))) { return Redirect::intended('home');}Read more
