Secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve. Beyond the defaults, the following few settings can be set to achieve higher security.

Fortify session cookie security in config/session.php:

'secure' => true,
'expire_on_close' => true,
'http_only' => true,
'same_site' => "strict",


Use env() calls for credentials in config/database.php. Do not use hard-coded values.
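
A static check for the two recommendations above, written in Python so it can run in CI without booting the application. It is an added example, not code from the original post; the function names, the one-entry-per-line layout assumption and the sample excerpts are constructed for illustration.

```python
import re

# Values from the post's config/session.php list.
SESSION_EXPECTED = {"secure": "true", "expire_on_close": "true",
                    "http_only": "true", "same_site": "strict"}
CREDENTIAL_KEYS = ("username", "password")
# One "'key' => value," array entry per line (assumed layout).
ENTRY = re.compile(r"""^\s*['"](\w+)['"]\s*=>\s*(.+?),?\s*$""")

def entries(php_source):
    """Yield (line_no, key, raw_value) for array entries, skipping comment lines."""
    for no, line in enumerate(php_source.splitlines(), 1):
        if line.strip().startswith(("//", "#", "/*", "*")):
            continue
        m = ENTRY.match(line)
        if m:
            yield no, m.group(1), m.group(2)

def audit_session(php_source):
    """Return one finding per setting that is missing or not the expected literal."""
    found = {key: value.strip("'\"") for _, key, value in entries(php_source)}
    return [f"{key}: expected {want}, found {found.get(key)}"
            for key, want in SESSION_EXPECTED.items()
            if (found.get(key) or "").lower() != want]

def audit_database(php_source):
    """Return one finding per credential entry whose value is not an env() call."""
    return [f"line {no}: '{key}' is hard-coded"
            for no, key, value in entries(php_source)
            if key in CREDENTIAL_KEYS and not value.startswith("env(")]

# Constructed sample excerpts (not from the post).
WEAK_SESSION = """
    'expire_on_close' => false,
    'secure' => env('SESSION_SECURE_COOKIE'),
    'http_only' => true,
    'same_site' => 'lax',
"""
WEAK_DATABASE = """
    'username' => env('DB_USERNAME'),
    'password' => 'PLACEHOLDER-not-a-real-secret',
"""

if __name__ == "__main__":
    for finding in audit_session(WEAK_SESSION) + audit_database(WEAK_DATABASE):
        print(finding)
```

A session value that comes from env() is reported as well, because the check cannot see the deployed .env file; confirm the value there.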

Comments

Unknown said…
It's good for full secure and Website Development has more secure than other framework
