Support the ongoing development of Laravel.io →
minerbog
posted 9 years ago
Security Database Eloquent
Last updated 2 years ago.
0
awsp
replied 9 years ago
Solution

Here's some of the work around I can think of.

  • Validation check before updating database. (Ownership, Permission, etc)
  • If you have to use hidden field, at least encrypt ID.
  • Avoid using ID with predictive symbols such as 1, 2, 3, ... n, a01, a02, a03, etc.
  • Use session to store the current editing record from server side instead of relying on client side.
  • Security token
Last updated 9 years ago.
0
minerbog
replied 9 years ago

I have ended up going for storing the ID in the session but will certainly have a look at the other options.

Thought about use MySQL UUID() function.

Thanks

0

Sign in to participate in this thread!

Eventy

Your banner here too?

minerbog minerbog Joined 15 Nov 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
BairesDev
Remotely Works
Dotcom-monitor
N-iX

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise