Discussion Laravel Security

Some tips to reinforce security in Laravel

Prevent from Brute-force attack

In Laravel 7, Illuminate\Foundation\Auth\ThrottlesLogins is already there in LoginController which is used to prevent brute-force attack.

Route::post(‘login’, ‘Auth\LoginController@postLogin’)->middleware(“throttle: maxAttempts, decayMinutes“);

Prevent from going back in browser history after login/logout

After logout, users should not be able to go back to the previous page by using browser’s “back” button. We need to add “revalidate” middleware to the controllers which should be protected.

 $this->middleware(‘revalidate’);  // RevalidateBackHistory

On the other hand, users should not be able to go back to the login page after successful login. We need to add “guest” middleware into the LoginController’s constructor.

$this->middleware(‘guest’); // RedirectIfAuthenticated

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *