Laravel 5.1 | CSRF Protection - Safe Enough?
I'm using CSRF protection by default on my website. There are some forms across the website which allow users to send data to the DB (like comments).
As far as you know, is CSRF protection enough to prevent attacks and injections?
Answer
The CSRF (Cross-Site Request Forgery) token is enough to prevent a CSRF attack - see some more details about that attack here: https://en.wikipedia.org/wiki/Cross-site_request_forgery
There are various other threats that need to be handled separately - you can read about the most popular attacks here: https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
Laravel has built-in measures against other popular types of attacks as well. Output is escaped by default, which should prevent XSS attacks. Queries that you do with Eloquent are also protected against SQL injection attacks.
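
As an added example (plain PHP, not code from the answer or from Laravel), the sketch below separates the three controls the answer names for a comment form: the token comparison, a bound query parameter (the mechanism Eloquent relies on through PDO), and escaping on output (what Blade's `{{ }}` does, with `htmlspecialchars` as a stand-in here). The function names and the sample comment are constructed for illustration; it assumes PHP 7+ with the pdo_sqlite extension.

```php
<?php
// Added illustration in plain PHP, not Laravel source code.
// Function names and sample values are constructed for this example.

// 1. CSRF: the token sent with the form must equal the one kept in the session.
function csrfTokenMatches(string $sessionToken, string $submitted): bool
{
    return hash_equals($sessionToken, $submitted); // constant-time comparison
}

// 2. SQL injection: the comment is bound as a parameter, never concatenated.
function storeComment(PDO $db, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// 3. XSS: the comment is escaped when it is written into HTML.
function renderComment(string $body): string
{
    return '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$sessionToken = bin2hex(random_bytes(32));

// Constructed submission: the token is valid because the form really came
// from our own page, yet the body still carries markup and a quote character.
$submittedToken = $sessionToken;
$body = "<script>alert(1)</script> O'Brien";

if (!csrfTokenMatches($sessionToken, $submittedToken)) {
    exit("token mismatch, request rejected\n");
}
storeComment($db, $body);

// The bound parameter stored the text verbatim, as data rather than as SQL.
$stored = $db->query('SELECT body FROM comments')->fetchColumn();
var_dump($stored === $body);

// The escaped output shows the tag as text instead of running it.
echo renderComment($stored), "\n";
```

The token check passes for this submission, which is why it says nothing about the content of the comment: each of the other two controls has to be present on its own.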