Showing posts from September, 2018

Secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve. Of all the non-default settings, the following few can be set to achieve higher security.

Fortify session cookie security. 
config/session.php

'secure' => true,
'expire_on_close' => true,
'http_only' => true,
'same_site' => "strict",


Use env() calls for credentials. Do not use hard-coded values.
/config/database.php
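
The two checks above as an audit script; this is an added example, not code from the original post or from Laravel. The function names auditSessionConfig and findHardCodedCredentials are hypothetical and the sample inputs are constructed; inside a Laravel application you would pass config('session') and file_get_contents(config_path('database.php')) instead.

```php
<?php
/** Return the session options that differ from the values recommended in this post. */
function auditSessionConfig(array $session): array
{
    $expected = [
        'secure'          => true,
        'expire_on_close' => true,
        'http_only'       => true,
        'same_site'       => 'strict',
    ];
    $findings = [];
    foreach ($expected as $key => $want) {
        $have = $session[$key] ?? null;
        // same_site is compared case-insensitively; booleans must match strictly.
        $ok = is_string($want)
            ? is_string($have) && strtolower($have) === $want
            : $have === $want;
        if (!$ok) {
            $findings[] = sprintf('%s: expected %s, got %s',
                $key, var_export($want, true), var_export($have, true));
        }
    }
    return $findings;
}

/** Return credential keys whose value in database.php is a string literal, not env(). */
function findHardCodedCredentials(string $source): array
{
    // Group 1: key name, group 2: opening quote, group 3: the literal value.
    $pattern = '/[\'"](username|password)[\'"]\s*=>\s*([\'"])(.*?)\2/';
    preg_match_all($pattern, $source, $matches, PREG_SET_ORDER);
    $hits = [];
    foreach ($matches as $m) {
        if ($m[3] !== '') {          // an empty literal is not a secret
            $hits[] = $m[1];
        }
    }
    return $hits;
}

// Constructed sample inputs (not taken from a real application).
$session = ['secure' => false, 'expire_on_close' => true,
            'http_only' => true, 'same_site' => null];
$databaseSource = <<<'PHP'
'username' => env('DB_USERNAME', 'forge'),
'password' => 'S3cret-constructed',
PHP;

print_r(auditSessionConfig($session));               // flags secure and same_site
print_r(findHardCodedCredentials($databaseSource));  // flags password
```

The literal scan does not inspect the default argument of env(), so a real secret passed as the second argument to env() still needs a manual review.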