Web Security: How SQL Injection is done

SQL injection is one of the most common website exploits. To prevent SQL injection attacks, we developers must first understand how it is done. Let's review the basics of SQL injection together. Remember, let's use this knowledge for good only, okay? The scope of this post is only a MySQL injection sample from […]
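The classic case behind this post, as an added example that is not the post's own code: a login lookup that pastes user input into the query text, next to the same lookup done with a prepared statement. The post is about MySQL; this block uses an in-memory SQLite database through PDO so it runs without a server, and the users table, its two rows and the two payloads are constructed for the demo.

```php
<?php
// Added example. PDO with SQLite in memory stands in for MySQL; the table,
// rows and payloads below are constructed for this demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Vulnerable: the user-supplied strings become part of the SQL text itself,
// so quotes and operators inside them change the meaning of the query.
function loginVulnerable(PDO $db, string $user, string $pass): array
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed at prepare time; the values are bound
// afterwards and can only ever be compared as data, never parsed as SQL.
function loginSafe(PDO $db, string $user, string $pass): array
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 1. Legitimate credentials: both functions return the single matching user.
var_dump(loginVulnerable($db, 'alice', 's3cret'));
var_dump(loginSafe($db, 'alice', 's3cret'));

// 2. Tautology payload. The concatenated WHERE clause becomes
//      username = '' OR '1'='1' AND password = '' OR '1'='1'
//    which is true for every row, so the vulnerable lookup returns every
//    user. The prepared statement compares the literal string "' OR '1'='1"
//    against each column and matches nobody.
$tautology = "' OR '1'='1";
var_dump(loginVulnerable($db, $tautology, $tautology));
var_dump(loginSafe($db, $tautology, $tautology));

// 3. Comment payload. "alice' -- " closes the string and comments out the
//    rest of the line (the trailing space matters for MySQL), so the password
//    check disappears and alice is "authenticated" with any password.
//    The prepared statement again matches nobody.
$comment = "alice' -- ";
var_dump(loginVulnerable($db, $comment, 'wrong-password'));
var_dump(loginSafe($db, $comment, 'wrong-password'));
```

The fix is not escaping quotes by hand: it is keeping the query text and the data in separate channels, which is exactly what `prepare()`/`execute()` (or Laravel's query builder and Eloquent, which use bindings underneath) do.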


Prevent direct access to directories of subdomains

From my hosting platform (e.g. cPanel), I created two subdomains for web apps. The web apps reside in the following directories:

/foo/bar/app_one/
/foo/bar/app_two/

And the subdomains I created are accessed through these URLs:

http://app_one.bar.domain.com (pointing to the /foo/bar/app_one/ directory)
http://app_two.bar.domain.com (pointing to the /foo/bar/app_two/ directory)

For security purposes, I don't want anyone to access the web app […]
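An added example, not the post's own solution (which is cut off above): assuming the intent is that each app be reachable only through its own subdomain, and not through any other hostname that happens to map to the same directory, an .htaccess file in the app directory on an Apache host (what cPanel normally runs) can refuse every request whose Host header is not that subdomain. The hostnames are the ones from the post; mod_rewrite being enabled and AllowOverride permitting .htaccess are assumptions.

```apache
# /foo/bar/app_one/.htaccess  (added example; assumes Apache with mod_rewrite
# and AllowOverride allowing .htaccess in this directory)
RewriteEngine On

# Let the request through only when it arrived for the app's own subdomain
# (an optional :port suffix is tolerated). Any other Host value, including
# the parent domain reaching the same files through a path, gets 403 Forbidden.
RewriteCond %{HTTP_HOST} !^app_one\.bar\.domain\.com(:[0-9]+)?$ [NC]
RewriteRule ^ - [F]
```

The same file goes into /foo/bar/app_two/ with its own hostname. Because the check is on the Host header, it also stops access through the server's raw IP address, which is usually the other way a directory leaks.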


Laravel 5: activate API token guard and print “Unauthorized” instead of login redirect

In Laravel 5, I wrap my API routes in a route group like this:

Notice that I use auth:api and throttle in my middleware array. auth:api turns on the auth middleware with the API token guard, while throttle activates the rate limiter for API requests. To get started with API token authentication, you may read https://gistlog.co/JacobBennett/090369fbab0b31130b51. […]
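Because the route group itself does not survive on this page, here is an added example (my code, not the post's) of the pieces that fit together in Laravel 5.2, the version the linked gistlog targets: the api guard in config/auth.php, the route group with auth:api and throttle, and an Authenticate middleware edited so that a request rejected by the api guard gets a 401 "Unauthorized" response rather than a redirect to the login page. The /api/profile route, the limit of 60 requests per minute (throttle:60,1) and the JSON error body are my choices.

```php
<?php
// ---- config/auth.php (excerpt) ----
// The 'api' guard uses Laravel's token driver, which in 5.2 matches the
// request's api_token parameter or Bearer token against users.api_token.
// 'guards' => [
//     'web' => ['driver' => 'session', 'provider' => 'users'],
//     'api' => ['driver' => 'token',   'provider' => 'users'],
// ],

// ---- app/Http/routes.php ----
// Everything under /api must carry a valid token (auth:api) and is limited
// to 60 requests per minute per client (throttle:60,1). Both middleware
// aliases are registered in app/Http/Kernel.php by default in 5.2.
Route::group(['prefix' => 'api', 'middleware' => ['auth:api', 'throttle:60,1']], function () {
    Route::get('profile', function () {
        // The token guard already resolved the user; hand it back as JSON.
        return response()->json(Auth::guard('api')->user());
    });
});
```

```php
<?php
// ---- app/Http/Middleware/Authenticate.php ----
// The stock 5.2 middleware redirects guests to the login page unless the
// request is AJAX or asks for JSON. This version also treats anything checked
// by the 'api' guard as an API client, so a missing or wrong token answers
// 401 Unauthorized instead of a 302 to /login, whatever the Accept header.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class Authenticate
{
    public function handle($request, Closure $next, $guard = null)
    {
        if (Auth::guard($guard)->guest()) {
            if ($guard === 'api' || $request->ajax() || $request->wantsJson()) {
                return response()->json(['error' => 'Unauthorized'], 401);
            }

            return redirect()->guest('login');
        }

        return $next($request);
    }
}
```

Keying the decision on `$guard === 'api'` rather than only on `wantsJson()` matters because curl and many API clients send no Accept header at all; without it, a bad token would still produce a redirect to an HTML login form.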
