Do you use PHP's `serialize()` and `unserialize()` functions with user data? https://securinglaravel.com/p/security-tip-encodingserialising #Laravel #PHP
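The risk behind that question, as an added example that is not the post's own code: `unserialize()` on attacker-controlled bytes lets the attacker pick which PHP classes get instantiated, and their `__wakeup()`/`__destruct()` magic methods then run inside your app. The snippet below contrasts the unsafe call with `allowed_classes => false`, with JSON, and with an HMAC check that refuses to parse anything the app did not sign itself. The "preferences blob", the function names and the constructed payload are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example: a user-supplied "preferences" blob handled four ways.
// Assumptions (not from the page): the blob arrives as a raw string from a
// cookie or form field; $hmacKey is a secret the application already holds.

/**
 * Unsafe: unserialize() on attacker bytes instantiates any autoloadable class,
 * and __wakeup()/__destruct()/__toString() on those objects run with the
 * app's privileges (classic PHP object injection).
 */
function loadPrefsUnsafe(string $untrusted): array
{
    $prefs = @unserialize($untrusted);
    return is_array($prefs) ? $prefs : [];
}

/**
 * Hardened: forbid object instantiation. Every "O:" entry becomes a
 * __PHP_Incomplete_Class, so no magic method on an app class can fire.
 * Scalars and arrays still round-trip normally.
 */
function loadPrefsNoObjects(string $untrusted): array
{
    $prefs = @unserialize($untrusted, ['allowed_classes' => false]);
    return is_array($prefs) ? $prefs : [];
}

/**
 * Preferred: don't use PHP's serialization format for untrusted data at all.
 * JSON has no notion of PHP classes, so there is nothing to instantiate.
 */
function loadPrefsJson(string $untrusted): array
{
    try {
        $prefs = json_decode($untrusted, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException) {
        return [];
    }
    return is_array($prefs) ? $prefs : [];
}

/**
 * If serialize() is unavoidable (data your own code produced), sign it and
 * verify the MAC BEFORE unserialize() touches the bytes. allowed_classes is
 * still restricted as defence in depth.
 */
function signPrefs(array $prefs, string $hmacKey): string
{
    $payload = serialize($prefs);
    return base64_encode(hash_hmac('sha256', $payload, $hmacKey, true) . $payload);
}

function loadSignedPrefs(string $untrusted, string $hmacKey): array
{
    $raw = base64_decode($untrusted, true);
    if ($raw === false || strlen($raw) < 32) {
        return [];
    }
    $mac = substr($raw, 0, 32);
    $payload = substr($raw, 32);
    if (!hash_equals(hash_hmac('sha256', $payload, $hmacKey, true), $mac)) {
        return [];
    }
    $prefs = unserialize($payload, ['allowed_classes' => false]);
    return is_array($prefs) ? $prefs : [];
}

// Constructed demo payload: an array that smuggles an object in. A real
// attack targets a class whose magic methods do something useful to the
// attacker; stdClass is used only because it always exists.
$malicious = 'a:1:{s:5:"theme";O:8:"stdClass":0:{}}';

var_dump(loadPrefsUnsafe($malicious)['theme'] instanceof stdClass);                 // object was instantiated
var_dump(loadPrefsNoObjects($malicious)['theme'] instanceof __PHP_Incomplete_Class); // neutralised
var_dump(loadPrefsJson($malicious));                                                 // not JSON: empty array

$key = random_bytes(32);
$signed = signPrefs(['theme' => 'dark'], $key);
var_dump(loadSignedPrefs($signed, $key));          // the original array

$raw = base64_decode($signed);
$raw[strlen($raw) - 1] = 'x';                      // flip the final byte of the payload
var_dump(loadSignedPrefs(base64_encode($raw), $key)); // MAC mismatch: empty array, never unserialized
```

Order matters in `loadSignedPrefs()`: the MAC is checked before `unserialize()` is called, so malformed or hostile bytes are never parsed. Laravel's own encrypted cookies and queued jobs already take this approach for the data the framework serialises; the danger is the ad-hoc `unserialize($request->input(...))` in application code.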
Now that Ubuntu 24.04 LTS is released, I'll try to turn my hacky bash scripts that give me a fully working Laravel dev env on WSL into something sharable and throw them up on a gist. Looks like a few...
Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute can be a very long time. To solve this, Laravel 11 supports per-second rate...
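What a per-second limiter looks like next to the old per-minute one, as an added example that is not the post's code: a login route that allows a short burst per second and a fixed budget per minute, keyed on account plus client IP. The limiter name `login` and the keying scheme are assumptions; `Limit::perSecond()` is the Laravel 11 API the post refers to.

```php
<?php
// Added example (not from the page): per-second and per-minute limits stacked
// on one named limiter in Laravel 11. The limiter name 'login' and the
// email|ip key are assumptions for illustration.

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        RateLimiter::for('login', function (Request $request) {
            // Key on the target account AND the client IP: one attacker cannot
            // lock a victim out by spraying their email, and one IP cannot walk
            // a list of accounts under a single shared budget.
            $account = strtolower((string) $request->input('email')) . '|' . $request->ip();

            return [
                // New in Laravel 11: sub-minute windows. Before 11 the smallest
                // window was perMinute(), so a burst of guesses in the first
                // second of a minute was only stopped once the whole minute's
                // budget had been spent.
                Limit::perSecond(2)->by($account),

                // Keep the coarser limit as the ceiling for slow-and-steady attempts.
                Limit::perMinute(10)
                    ->by($account)
                    ->response(fn (Request $r, array $headers) => response('Too many login attempts.', 429, $headers)),
            ];
        });
    }
}
```

Attach it with `->middleware('throttle:login')` on the route. One caveat worth knowing: Laravel's limiter is a fixed-window counter in the cache, so `perSecond(2)` permits up to four requests straddling a window boundary; it bounds the rate over time, not an instantaneous burst.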
It's finally happening: Securing Laravel is moving off Substack onto Ghost this week! 🎉 Just asked Substack to disconnect my Stripe account, and once that's done I can connect Ghost and get them to...
As expected, some form of payment is required to "avoid this conflict"... Let's see what those prices are! 🍿 Any guesses what sort of prices they'll come back with? (I've stopped redacting, as it's...
I also decided to poke the bear and respond to ZN. 😈 I'm curious to see what sort of fight they are interested in, and the other side of this scam.
The migration from Substack to Ghost has started! Annoyingly, Substack had to disconnect Stripe, so until everything is in Ghost, everyone will appear as a "free subscriber"... 😒 It should be resolved in...
Subscriptions have been imported, and apart from some small issues (no Group subscription support), it looks good so far! 🤞 I'm just waiting on the OK to switch over the domain! 🤓 Annoyingly the Ghost...
Switched the domain over to Ghost, and now everything is 404'ing... 😞 This is definitely not going according to plan!
Ah, found the redirects.yaml file and fixed up the redirects! Everything should load correctly now. 😅 I'd love a way to see 404s though, so I can fix up any I've missed. 😉
For those following along at home, here's where I'm up to with the Securing Laravel move:
✅ Post content
✅ Billing
✅ Domain
✅ Redirects
❌ Post tags
❌ Footnotes
❌ Post formatting
❌ Group subs
❌ API lexical post...
The last big thing I need to fix before I can take a break and focus on other things is tags... but apparently Substack's post export doesn't include tags. 😡I guess I'll be manually restoring 76 tags.
Securing Laravel has now officially moved to Ghost from Substack! 🎉 I'll be sending out the first Security Tip written on Ghost later today, but first, it's time for a migration discount! For the next 2...
It may be tempting to reach for env() outside your config files, but you may be introducing subtle bugs, or exposing your app to...
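The subtle bug the post hints at, as an added example that is not the post's own code: in local development `.env` is loaded on every request, so `env()` works anywhere. After `php artisan config:cache` Laravel stops reading `.env` altogether and `env()` returns `null` for anything not set in the real process environment. A `!== 'production'` check then silently passes. The middleware name `DebugPanelGate` and the debug-panel scenario are assumptions; `APP_ENV`, `app.env` and `environment()` are Laravel's own.

```php
<?php
// Added example (not the page's code). APP_ENV / app.env / environment() are
// Laravel's own; the DebugPanelGate middleware and the debug panel it guards
// are assumptions for illustration.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class DebugPanelGate
{
    /**
     * BUGGY: env() read outside config/. Fine in local dev, where .env is
     * loaded per request. Once config is cached, .env is no longer read, so
     * env('APP_ENV') is null unless the variable also lives in the real
     * process environment. null !== 'production' is true, and the panel
     * opens up in production.
     */
    public function handleBuggy(Request $request, Closure $next): Response
    {
        if (env('APP_ENV') !== 'production') {
            return $next($request);
        }
        abort(404);
    }

    /**
     * FIXED: read through config. config('app.env') is filled from
     * env('APP_ENV') inside config/app.php, the one place env() belongs,
     * and it survives config caching. environment() is a thin wrapper over
     * that value. The check is also inverted to an allowlist: an unknown or
     * null environment now fails closed instead of open.
     */
    public function handle(Request $request, Closure $next): Response
    {
        if (app()->environment('local', 'testing')) {
            return $next($request);
        }
        abort(404);
    }
}
```

The same rule applies to your own settings: put `'webhook_secret' => env('BILLING_WEBHOOK_SECRET')` (a hypothetical key) in a file under `config/`, then read `config('services.billing.webhook_secret')` from application code, never `env()` directly.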
I could've written an article about how to properly secure your API, but instead, I started with an utterly terrible way to secure your API... 😈 https://blog.treblle.com/securing-your-api-the-wrong-way/
User input comes in many different forms, and sometimes your app will believe whatever your users tell it... especially if it's in a header! 😈 (AKA that time I tried to fix a vulnerable configuration...
No answer from ZN, which is disappointing... 😔 But SL delivered the goods, and a price list! I'm going to ask for more details about this "Internet Keyword" thing... 🤔
If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password()...
Laravel is full of little helpers and features, and the Timebox is one that's often overlooked. 🧐 Wrap your code inside the Timebox, and timing differences become a lot harder to measure....
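What the Timebox actually buys you, as an added example that is not the post's code: a token check with two failure paths, one that returns before any hashing happens and one that runs bcrypt. Without the Timebox the gap between them tells an attacker which token ids exist; inside `Timebox::call()` both take at least the floor you set. The token store and `findHashForToken()` are constructed stand-ins for a database lookup; `Illuminate\Support\Timebox` is the real class from the `illuminate/support` package.

```php
<?php
declare(strict_types=1);

// Added example (not the page's code): a token check wrapped in Laravel's
// Timebox. The $store array and findHashForToken() are constructed stand-ins
// for a database lookup. Requires the illuminate/support package.

use Illuminate\Support\Timebox;

// Constructed sample store: token id => password_hash() of the secret part.
$store = [
    'tok_1' => password_hash('s3cret-part', PASSWORD_BCRYPT, ['cost' => 10]),
];

function findHashForToken(array $store, string $id): ?string
{
    return $store[$id] ?? null;
}

/**
 * Without Timebox: an unknown id returns in microseconds (no bcrypt run),
 * a known id with a wrong secret takes tens of milliseconds. That gap is an
 * oracle for which ids exist.
 */
function verifyTokenLeaky(array $store, string $id, string $secret): bool
{
    $hash = findHashForToken($store, $id);
    if ($hash === null) {
        return false;
    }
    return password_verify($secret, $hash);
}

/**
 * With Timebox: call() does not return until at least $microseconds have
 * elapsed, so both failure paths take the same wall time. returnEarly()
 * lifts the floor for the success path only, as Laravel's own SessionGuard
 * does, so legitimate users are not slowed down. A fresh Timebox per call
 * keeps the early-return flag from leaking between checks.
 */
function verifyToken(array $store, string $id, string $secret): bool
{
    return (new Timebox)->call(function (Timebox $timebox) use ($store, $id, $secret) {
        $hash = findHashForToken($store, $id);
        if ($hash !== null && password_verify($secret, $hash)) {
            $timebox->returnEarly();
            return true;
        }
        return false;
    }, 200_000); // floor of 200 ms, in microseconds
}

// Measure both failure paths, with and without the Timebox.
function timeMs(callable $fn): float
{
    $start = hrtime(true);
    $fn();
    return (hrtime(true) - $start) / 1e6;
}

printf("leaky,   unknown id  : %.1f ms\n", timeMs(fn () => verifyTokenLeaky($store, 'tok_9', 'x')));
printf("leaky,   wrong secret: %.1f ms\n", timeMs(fn () => verifyTokenLeaky($store, 'tok_1', 'x')));
printf("timebox, unknown id  : %.1f ms\n", timeMs(fn () => verifyToken($store, 'tok_9', 'x')));
printf("timebox, wrong secret: %.1f ms\n", timeMs(fn () => verifyToken($store, 'tok_1', 'x')));
```

The floor is only a floor: if the slow path ever exceeds it (a higher bcrypt cost, a slow database), the Timebox does nothing for that call and the difference is measurable again, so set it comfortably above the slowest legitimate failure path and revisit it when you change hashing parameters.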
Fair warning, my Laravel & security friends: Now that The Rings of Power promo is starting back up, I'll probably start talking about that on here too because I loved S1, and am very excited for S2....