Author: Ram Kumar Paliwal
Date of Publication: 7th April 2016
Abstract: In the era of the Internet, everyone is free to access data, and security is the main issue when developing any web application. Nowadays PHP is a very well-known name in web application development, and many open-source PHP frameworks are available for it. This paper discusses the security features available in the Laravel framework for web application development using the PHP language. Security is one of the core features that make Laravel a first preference for developers. In Laravel, Hashcode, the Eloquent ORM model, CSRF (cross-site request forgery) and CSS (Cross-Site Scripting) are the main key features used to secure a web application. By using these key features, we can make our web application safe from SQL injection and from cross-site requests by which unauthorized users update data. In addition, Laravel has a very rich set of libraries for developing fast and secure web applications in less time. This review paper examines the various security features available in the Laravel framework.