Packagist.org maintainer account takeover
Scary stuff, but handled very well by the Packagist team.
Read more [blog.packagist.com]
Posts tagged with security
– stefrouschop.nl - submitted by Stef Rouschop
With a proper implementation of global scopes instead of local scopes, the code and security would be greatly improved. Let me illustrate this with a simple example.
Read more [stefrouschop.nl]
– stefrouschop.nl - submitted by Stef Rouschop
One caveat in Livewire (version 1 and 2) is that only public properties retain state between Livewire interactions. This shouldn’t be a problem, at least not if you’re aware of how a potential hacker would abuse this.
Read more [stefrouschop.nl]
In Oh Dear, we recently added the ability to create fine-grained API tokens that are scoped by a model. Behind the scenes, it uses Laravel Sanctum to create and verify abilities.
In this blog post, I'd like to give you a peek behind the scenes and show how we set this up.
Creating wildcard subdomain SSL certificates with Let's Encrypt isn't as straightforward as creating a normal SSL certificate.
Read more [rias.be]
– planetscale.com - submitted by Aaron Francis
A comprehensive overview of Laravel's many safety features that can help you prevent painful mistakes.
Read more [planetscale.com]
In the SaaS'es I usually work on (Flare, Mailcoach Cloud, Oh Dear), we've recently introduced an improvement to how we handle support. We call it "auto-impersonation".
In this blog post, I'd like to tell you all about it.
A great way to go about signing git commits.
Read more [blog.1password.com]
How to swap Laravel's URL signing key is not documented, but luckily Michael wrote a good post on it!
Read more [dyrynda.com.au]
Let's take a look at the different ways to generate a random number in PHP.
Read more [php.watch]
The best dependency manager just got a little bit better.
Read more [php.watch]
Composer 2.4 features scanning the installed and new packages for known security vulnerabilities. When a new package is installed, or an existing package is updated, Composer looks up the package version numbers on known security vulnerability announcements, and reports if there are any known vulnerabilities in the list of packages.
Read more [php.watch]
– rias.be
We've just released laravel-ciphersweet. This package is a wrapper over CipherSweet, which allows you to easily use it with Laravel's Eloquent models.
Read more [rias.be]
I'm proud to announce that our team has launched a new package called spatie/laravel-login-link.
In this blog post, I'd like to tell you all about it.
– geisi.dev - submitted by Tim Geisendörfer
Let's improve your users' privacy with file encryption without using any 3rd party packages.
Read more [geisi.dev]
Troy Hunt recently got a very high bill for his serverless hosting. In this post, he shares why the bill was so high, and how he's avoiding this for future bills.
Read more [www.troyhunt.com]
If you're going to use basic auth, make sure that you use HTTPS.
Read more [joeldare.com]
Troy Hunt with a good piece on people asking for money in order to disclose a vulnerability. I get a lot of these too.
Read more [www.troyhunt.com]
Ray is an app we built at Spatie to make debugging your applications easier and faster. Being web developers, we naturally decided to write this app in Electron, which enabled us to move from nothing to a working prototype to a released product on 3 separate platforms within a matter of weeks.
A few days ago, a new version of 1Password was released that is able to detect where a user can reset his or her password.