Security & Privacy
Feel secure knowing Jalapeño uses:
- Full-featured Authentication system
At its core, Laravel uses “providers” and “guards” to handle authentication. Guards control how users are authenticated for each incoming request, and providers define how users are retrieved from persistent storage (typically the database).
- Protection against SQL Injection
Laravel's Eloquent ORM uses PDO parameter binding to defend against SQL injection. Binding parameters ensures that user-supplied data from request variables is never inserted directly into the text of an SQL query. Unbound input would let an attacker alter the query itself, which can lead to data theft and other serious consequences.
- Protection against CSRF (Cross-site Request Forgery)
When a user who is already authenticated to your web application visits a website containing a malicious link that sends a request to one of your application's routes, your back-end only knows that the request comes from an authenticated user. The attacker, however, controls the data sent along with that request.

Laravel uses CSRF tokens to stop third parties from generating such forged requests. A valid token is generated and must be included in each request, whether it comes from a form or from an AJAX call. Laravel then automatically compares this token with the value it has stored in that user's session. If the token does not match the stored value, the request is rejected as invalid; otherwise, from a CSRF point of view, the request is valid.
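A minimal version of the token-per-session pattern described above, written in plain PHP so it runs from the command line. This is an added example, not Jalapeño's or Laravel's own implementation: the session is simulated as an array, the token is 32 random bytes in hex, and `hash_equals()` is used so that the comparison does not leak the token through timing differences. The three requests at the bottom are constructed samples.

```php
<?php
// Added example (not Jalapeño's or Laravel's code). The session is a plain
// array so the script runs without a web server; in an application it would
// be the user's server-side session.

// Issue one token per session and reuse it for every form and AJAX request.
function csrfToken(array &$session): string
{
    if (empty($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32)); // 64 hex characters
    }
    return $session['_token'];
}

// The hidden field a form carries; an AJAX call would send the same value in
// a request header instead.
function csrfField(array &$session): string
{
    return '<input type="hidden" name="_token" value="'
        . htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8') . '">';
}

// Verify an incoming request: the submitted token must equal the one stored
// in that user's session. A missing or malformed token is rejected outright,
// and hash_equals() compares in constant time.
function verifyCsrf(array $session, array $request): bool
{
    $stored = $session['_token'] ?? null;
    $sent   = $request['_token'] ?? ($request['X-CSRF-TOKEN'] ?? null);
    if (!is_string($stored) || $stored === '' || !is_string($sent)) {
        return false;
    }
    return hash_equals($stored, $sent);
}

// Constructed sample session and requests.
$session = [];
$fromOwnForm    = ['_token' => csrfToken($session), 'amount' => '100'];
$fromOtherSite  = ['amount' => '100'];                      // no token at all
$withWrongToken = ['_token' => str_repeat('a', 64), 'amount' => '100'];

echo csrfField($session), "\n";
var_dump(verifyCsrf($session, $fromOwnForm));
var_dump(verifyCsrf($session, $fromOtherSite));
var_dump(verifyCsrf($session, $withWrongToken));
```

Only the request that carries the token issued to this session passes; a request from another origin cannot read that token, so it arrives without one (or with a wrong one) and is rejected before any handler runs.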
- Protection against XSS (Cross-site Scripting)
XSS attacks occur when a user uses an input field to add JavaScript code to your web page. Whenever other users later open that page, that JavaScript code, which may be malicious, is executed in their browsers as well.
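How the stored-script problem described above is contained by encoding user content on output. This is an added example, not Jalapeño's or Laravel's code: the comment string is a constructed sample of the kind of input the paragraph describes, and `htmlspecialchars()` stands in for the view layer's escaping (Blade's `{{ }}` output performs the same kind of HTML encoding by default).

```php
<?php
// Added example (not Jalapeño's or Laravel's code): rendering a stored
// comment with and without output encoding. The comment text is a
// constructed sample.
$storedComment = '<script>document.title = "changed"</script> nice post!';

// Vulnerable: raw user content is concatenated into the HTML, so the browser
// treats the <script> element as markup and runs it for every visitor.
function renderUnsafe(string $comment): string
{
    return "<p class=\"comment\">$comment</p>";
}

// Hardened: every character that has meaning in HTML (<, >, &, quotes) is
// encoded, so the browser displays the text literally instead of parsing it.
// ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning an empty string.
function renderSafe(string $comment): string
{
    return '<p class="comment">'
        . htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</p>';
}

echo renderUnsafe($storedComment), "\n";
echo renderSafe($storedComment), "\n";
```

In the hardened output the angle brackets appear as `&lt;` and `&gt;`, so the visitor sees the script text as part of the comment and nothing executes. Encoding belongs at the point of output, for the context the value lands in (HTML body here), rather than at input time, since the same stored value may later be rendered in an attribute, a URL or JSON.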
- Secure Data Storage on Canada-based Server Cluster