Is Laravel Livewire actually secure?
- Published 12 Jun 2024
- There are security concerns that you have to think about when building applications in Laravel and Livewire. But how can we fix some of those concerns? Laravel gives you default security policies out of the box, but how can we apply them in Laravel Livewire? And do we actually need them?
Let's take a look.
(Take a look at the Livewire docs on security for even more ways on how to keep your Livewire app secure. ☺️)
Links:
Laravel Video on Authorization: • Authorization in Larav...
Livewire Docs on Security: livewire.laravel.com/docs/sec...
I tend to put a global scope on the models that are only accessible to own users. Then it becomes really easy. No need to add any extra checks and global scope is already applied.
Great solution. Laravel rules! But the possibility of injecting another ID into a front-end element is not specific to Livewire. Literally any front-end that uses that sort of architecture (on a click, submit an id for update/delete etc) can have this problem. So questioning if "Livewire is secure" in the video title is a bit questionable.. but still a great video and solution!
livewire is my first choice over react and vue...
But this is general sense right? Also for the people using livewire... If you make an API that would delete the TODO, you would also check if the user is authorized to call a delete on that specific row? Or am I missing something
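The two comments above describe a client-supplied ID reaching a delete action, and the per-row check that stops it. As an added example (not code from the video or the Livewire project), this is one way to make that check in a Livewire 3 component with a Laravel policy; the `Todo` model, `TodoPolicy`, `TodoList` component, the `livewire.todo-list` view and the `user_id` column are assumed names.

```php
<?php
// Added example: Todo, TodoPolicy, TodoList and todos.user_id are hypothetical names.

namespace App\Policies {
    use App\Models\Todo;
    use App\Models\User;

    class TodoPolicy
    {
        // Only the owner may delete. Assumes todos.user_id references users.id.
        public function delete(User $user, Todo $todo): bool
        {
            return $todo->user_id === $user->id;
        }
    }
}

namespace App\Livewire {
    use App\Models\Todo;
    use Illuminate\Support\Facades\Gate;
    use Livewire\Component;

    class TodoList extends Component
    {
        // $id comes from the browser (e.g. wire:click="delete({{ $todo->id }})"),
        // so it is untrusted input: anyone can edit it in the rendered HTML.
        public function delete(int $id): void
        {
            $todo = Todo::findOrFail($id);     // 404 when the row does not exist

            // Server-side ownership check on this specific row.
            // Throws AuthorizationException (HTTP 403) when the policy denies.
            Gate::authorize('delete', $todo);

            $todo->delete();
        }

        public function render()
        {
            // Listing only the user's own rows hides other IDs from the page,
            // but the check in delete() is what actually enforces access.
            return view('livewire.todo-list', [
                'todos' => Todo::where('user_id', auth()->id())->get(),
            ]);
        }
    }
}
```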
Loved the Dark Mode Theme 😍
So you are finally using phpstorm and laravel idea? Which theme
Great video! side question: what software are you using for screen recordings???
I love the content Josh and this subject is exactly what I was waiting for. I am looking for ACL type of the implementation and ways to implement it (understand how would it work on Laravel). I am using Filament 3 btw, slightly different approach but applicable.
This is something I didn't know about. Modifying the frontend. Thanks @joshcirre
Very informative, thank you 😊
I was sold laravel for being secure and having very good guiderails and not having to worry about security. It has lived up to that reputation as long as I do my part right 😊
Thanks for this piece Josh! Very informative
for multi tenant app better to use uuid as primary key not integer value, what's your thought?
I have a bit of a weird question - does the database get queried every time we check if the user is authorized? I'm brand new to laravel and IDK how laravel auth works. Is it based on JWT tokens or on database sessions?
I have Laravel 11, Breeze and Livewire 3 installed. The command “$this->reset('title')” clears the variable in Livewire, but the input field keeps the last text typed. When submitting the form with that text, the “required” validation reports that the field is empty. Have you seen this happen in Livewire?
Hello josh, can I please get the GitHub repo of the code shown in this video? Thanks
Ace video, thanks. Another reason to use Laravel as having policies built in and ready to go is yet something else you don't have to write, so long as you use it that is.