Security questions

Aide et questions


il y a 6 ans

Since i just noticed how easily JS injection is over here...

I gotta wonder: what kind of security is there currently? To prevent JS injection i'd recommend to add a whitelist of allowed HTML tags. If you are using PHP, it has a built-in function for that! Other languages probably have similar

And, on the topic of security, how are passwords being hashed? I'm curious because there are many ways to do it wrongand oh-too-many big companies and thelike also do it wrong....

Aurélien Rodot

NEW il y a 6 ans

Okay so the website is made using Laravel, and the whole website is protected against XSS injections using blade templates {{ }}

Except for the forum, where he left a {!!} to go faster as it was maybe interfering with other things (like emotes). But it's going to be fixed as it was just a placeholder solution.

Laravel's encrypter uses OpenSSL to provide AES-256 and AES-128 encryption. You are strongly encouraged to use Laravel's built-in encryption facilities and not attempt to roll your own "home grown" encryption algorithms. All of Laravel's encrypted values are signed using a message authentication code (MAC) so that their underlying value can not be modified once encrypted.

Plus login cookies and passwords are hashed.


NEW il y a 6 ans

Okay, that sounds great! And, if you use lavarels hashing for passwords (which i'll assume at this point) then everything is good to go and my worries have been resolved. Thank you!

EDIT: you just edited your post to say the pwds are hashed with that, great!