
Laravel 5.1 | CSRF Protection - Safe Enough?

I'm using CSRF protection by default on my website. There are some forms across the website which allow users to send data to the DB (like comments).

As far as you know, is CSRF protection enough to prevent attacks and injections?


Answer

The CSRF (Cross-Site Request Forgery) token is enough to prevent a CSRF attack - see some more details about that attack here: https://en.wikipedia.org/wiki/Cross-site_request_forgery

There are various other threats that need to be handled separately - you can read about the most popular attacks here: https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013

Laravel has built-in measures against other popular types of attacks as well. Output is escaped by default, which should prevent XSS attacks. Queries that you do with Eloquent are also protected against SQL injection attacks.

source: stackoverflow.com
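
The separation the answer describes, as an added example that is not part of the original answer and is not Laravel's own code: a request with a valid CSRF token can still carry markup or SQL metacharacters, and those are handled by output escaping and parameter binding, not by the token. The helpers `csrfValid`, `escapeHtml` and `storeComment`, the in-memory SQLite table and the sample requests are hypothetical plain-PHP stand-ins constructed for this illustration.

```php
<?php
// Added illustration in plain PHP; these helpers are stand-ins, not Laravel's own code.

// 1. CSRF check: only proves the request came from a form this session issued.
function csrfValid(string $sessionToken, string $submitted): bool {
    return hash_equals($sessionToken, $submitted); // constant-time comparison
}

// 2. Output escaping: stand-in for what Blade's {{ $value }} does by default.
function escapeHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// 3. Parameter binding: the mechanism Eloquent relies on for query values.
function storeComment(PDO $db, string $body): void {
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$sessionToken = bin2hex(random_bytes(32));

// Constructed sample requests: one forged (no token), two with a valid token
// whose bodies carry markup and SQL metacharacters.
$requests = [
    ['_token' => '',            'body' => 'forged cross-site post'],
    ['_token' => $sessionToken, 'body' => '<script>alert(1)</script>'],
    ['_token' => $sessionToken, 'body' => "nice'); DROP TABLE comments;--"],
];

foreach ($requests as $r) {
    if (!csrfValid($sessionToken, $r['_token'])) {
        echo "rejected (token mismatch): {$r['body']}\n";
        continue;
    }
    // A valid token says nothing about the content, so it is stored as data...
    storeComment($db, $r['body']);
}

// ...and escaped when rendered.
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo '<li>' . escapeHtml($row['body']) . "</li>\n";
}
echo 'rows stored: ' . $db->query('SELECT COUNT(*) FROM comments')->fetchColumn() . "\n";
```

In a Laravel application the same three layers correspond to the CSRF middleware, Blade's escaped `{{ }}` output and Eloquent's bound query values; unescaped `{!! !!}` output or values concatenated into raw SQL bypass the second and third regardless of the token.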