Support the ongoing development of Laravel.io →
georgewritescode
posted 9 years ago
Security Requests Input
Last updated 2 years ago.
0
eneskaya
replied 9 years ago

I would say that it is totally safe to not sanitize your subDomain name. In the domain name you are not allowed to use characters like * or () etc. Hence, you cannot create SQL queries and so on. Other thoughts?

0
georgewritescode
replied 9 years ago

Anyone else?

0
xum
replied 9 years ago

If you are not using DB::raw or other raw database functions (like whereRaw), you are safe.

But remember that "subdomain" is just another header in an HTTP request and thus can be manipulated by user. Whether a web server sanitizes it before passing to PHP, or if PHP does it itself, I'm not sure, but subdomain should be treated as any other user input.

0
georgewritescode
replied 9 years ago

Thanks Xum, thats what i am worries about because it is just, as you stated, HTTP.

However based on your first statement, Laravel sanatizes it through its PDO?

0
xum
replied 9 years ago
Solution

Yep, unless you specifically use raw DB functions, Laravel sanitizes everything.

0
georgewritescode
replied 9 years ago

Thanks!

0

Sign in to participate in this thread!

Eventy

Your banner here too?

georgewritescode georgewritescode Joined 20 Dec 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
BairesDev
Remotely Works
Dotcom-monitor
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise