Category : security

I am new to Livewire and I’m trying to use a modal password confirmation in Laravel 8 using Jetstream/Livewire/TailwindCSS. I’d like to do this as an added layer of protection before providing the user with some sensitive information. As per documentation in https://jetstream.laravel.com/2.x/features/password-confirmation.html (#Modal Confirmation Via Livewire) I should be able to create a component ..

Read more

I am developing a project with Laravel. My directory structure on cPanel is as shown below. – company-app (folder) – company-files (folder) – public_html — company.domain.com (subdomain) I moved all Laravel files except public folder to "company-app" folder. I wanted to exclude it from the document root for security purposes. Apart from these, there are ..

Read more

I was developing an API using JWT Authentication. I wrote the below code `public function login(Request $request) { $credentials = $request->only(’email’, ‘password’); if ($token = $this->guard()->attempt($credentials)) { return $this->respondWithToken($token); } return response()->json([‘error’ => ‘Unauthorized’], 401); }` Here, an API request will be here using a post request and form data field in order to log ..

Read more

Please I need help with encrypting concatenated strings using TripleDES encryption Example string “12345678”,hfbcjehce ================== Sample Code public function encryptPayload($data) { $key= $this->encKey; $method = “des-ede3-cbc”; $source = mb_convert_encoding($key, ‘UTF-16LE’, ‘UTF-8’); $key = md5($source, true); // $key .= substr($key, 0, 8); $key .= substr($key, 0, 16); $iv = “{$content}{$content}{$content}{$content}{$content}{$content}{$content}{$content}”; //Pad for PKCS7 $encData = openssl_encrypt($data,$method, ..

Read more

Please I need help with encrypting concatenated strings using TripleDES encryption Example string “12345678”,hfbcjehce ================== Sample Code public function encryptPayload($data) { $key= $this->encKey; $method = “des-ede3-cbc”; $source = mb_convert_encoding($key, ‘UTF-16LE’, ‘UTF-8’); $key = md5($source, true); // $key .= substr($key, 0, 8); $key .= substr($key, 0, 16); $iv = “{$content}{$content}{$content}{$content}{$content}{$content}{$content}{$content}”; //Pad for PKCS7 $encData = openssl_encrypt($data,$method, ..

Read more

I’m using Laravel to make an API into my organization, but when I send to scann my app the security people send me a PDF with some vulnerabilities. One of them is NTLMAuthenticator, searching in google how to fix it, I dont find anything. Is my first time sending to scann my app and trying ..

Read more

So this question might be quite complicated yeah. I have a single Laravel project hosted on a domain “www.example.com” with the Laravel application in root directory folder “example” and public of Laravel application in “public_html”. Now my application works, I have a resources folder holding my blade files with folders, I have an auth folder ..

Read more

I’m having an issue with my site, shell files (file manager shells) are being uploaded to my site and important files are being modified. i’ve removed all file upload mediums on the site but the hacker keeps uploading the file. any idea on what to do? Note: i’ve done all i could to secure the ..

Read more

guys I just want to ask a couple of questions about security problems, if this is not the place to ask these questions then please close the question. I want to make a web application with Laravel where u can watch movies (it would be used only by me and a few friends of mine). ..

Read more

at the moment, I’m thinking about the security levels on database side (in my case postgres) while using laravel. So I came across upon this question: F.e. I have two user roles in Laravel: User, Admin. The user needs select, insert, update permission on the database. The admin needs select, insert, update, delete and create ..

Read more