Want to do some back-end stuff but worried about security

Talia

Member
Local time
01:23
Joined
Jan 21, 2020
Messages
84

I am mostly a front-end developer but I know a bit of PHP and would like to work on that skill and make some projects. But I have a problem, which is that I'm very nervous about security. I know that's not much of an issue in a local environment, but I'd like to make my creations public and as soon as I do so, I'll have to worry about it. Anything to do with connecting to a database has me worried. Security best practices are fairly confusing for a newbie, so I'm pretty afraid I won't get it/will mess up. How can I deal with this? I feel like I will be much more employable if I learn this stuff and it will really increase the amount of things I can create. But I don't know how to stop worrying about security - how to be confident my creations don't have any major security flaws. To be clear, anything I would do with these skills for my personal projects would be fairly simple, and probably not much sensitive information will be involved, but I'm still worried.

 

Gummibeer

Astroneer
Moderator
Local time
08:23
Joined
Oct 5, 2019
Messages
1,156
Pronouns
he/him

Hey,
out of my personal experience/history I highly recommend you to use Laravel for PHP backend.
It comes with all important security measures by default. You don't have to care about SQL injection, and authentication and authorization come by default with pretty simple APIs.

@TGDesigns is also a Laravel "newbie" - possibly he can tell you something from starter perspective.

A recommendation: use pretty strict validation rules on your requests. The stricter the better.
Something good to know is some keywords:
* authentication vs authorization
  - authentication: is the simple login/credentials
  - authorization: is the check for permission on the logged-in user
* permission vs group vs role
  - group: is a list of multiple roles
  - role: combines permissions needed to fulfil a role in the app
  - permission: is the single granular permission - in CRUD these would be 5 permissions per entity: list, show, create, update, delete

Apart from validation and authorization you don't have to care about much with Laravel,
unless you start to handle sensitive data or want to fulfil any audits.

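To make the three points above concrete (strict validation, authorization on the logged-in user, and letting the framework bind query parameters), here is an added example written for this thread; it is not code from any poster or from Laravel itself. It assumes a `Post` model owned by a `User` via `user_id`, a route parameter named `{post}` using Laravel's implicit model binding, and Laravel's policy auto-discovery (a `PostPolicy` for a `Post` model). The three classes are shown in one file with braced namespaces only so the example is self-contained; in a real app each lives in its own file.

```php
<?php
// Added example for the thread, not project code. Assumptions: App\Models\Post
// with a user_id column, App\Models\User, route parameter {post} with implicit
// model binding, and policy auto-discovery for PostPolicy.

namespace App\Policies {
    use App\Models\Post;
    use App\Models\User;

    // AUTHORIZATION: "is this logged-in user allowed to do this to this record?"
    // Being authenticated is not enough; ownership is checked explicitly.
    class PostPolicy
    {
        public function update(User $user, Post $post): bool
        {
            return $user->id === $post->user_id;
        }
    }
}

namespace App\Http\Requests {
    use Illuminate\Foundation\Http\FormRequest;

    // VALIDATION + AUTHORIZATION on the request itself. If authorize() returns
    // false Laravel responds 403; if rules() fail it responds 422 / redirects
    // back. The controller only ever sees input that passed both.
    class UpdatePostRequest extends FormRequest
    {
        public function authorize(): bool
        {
            $post = $this->route('post'); // bound Post model from {post}
            return $post !== null && $this->user()->can('update', $post);
        }

        // Be strict: whitelist exactly the fields and shapes you expect.
        public function rules(): array
        {
            return [
                'title'  => ['required', 'string', 'max:120'],
                'body'   => ['required', 'string', 'max:20000'],
                'status' => ['required', 'in:draft,published'],
                'tags'   => ['sometimes', 'array', 'max:10'],
                'tags.*' => ['string', 'alpha_dash', 'max:30'],
            ];
        }
    }
}

namespace App\Http\Controllers {
    use App\Http\Requests\UpdatePostRequest;
    use App\Models\Post;

    class PostController extends Controller
    {
        // Type-hinting the FormRequest runs authorize() and rules() before
        // this method body executes.
        public function update(UpdatePostRequest $request, Post $post)
        {
            // validated() returns only the whitelisted, validated fields, so
            // unexpected input (e.g. a user_id field) never reaches the model.
            $post->fill($request->validated())->save();

            return redirect()->route('posts.show', $post);
        }

        // SQL INJECTION: the query builder sends $slug as a bound parameter,
        // so user input is never spliced into the SQL text. The framework
        // keeps you away from the unsafe concatenation shown in the comment.
        public function show(string $slug)
        {
            $post = Post::where('slug', $slug)->firstOrFail();
            // Unsafe pattern to avoid:
            // DB::select("SELECT * FROM posts WHERE slug = '$slug'");

            return view('posts.show', ['post' => $post]);
        }
    }
}
```

The design point is that each concern has one home: the policy answers "may this user act on this record", the form request answers "is this input shaped the way I expect", and the controller only works with data that has already passed both checks.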

Gummibeer

Astroneer
Moderator
Local time
08:23
Joined
Oct 5, 2019
Messages
1,156
Pronouns
he/him

And regarding web security in general - I can recommend Sqreen!
They also have a dedicated Laravel checklist. But also a lot more stuff you can check.


kilian

Member
Gold Member
Local time
08:23
Joined
Oct 7, 2019
Messages
60
Pronouns
he/him

To echo what Gummibeer said: make sure you use a framework and stay within the confines of it; that should keep you reasonably secure. I think Laravel is an excellent choice for PHP.


TGDesigns

Member
Local time
07:23
Joined
Nov 20, 2019
Messages
73

I've been learning Laravel for the past few months. I was also worried about security, but using a framework has helped with that considerably. As others have said, don't try to reinvent the wheel; I found things like OAuth and Laravel's auth system perfectly suitable for the projects I wanted to play with! If you need help or someone to bounce ideas off, I'm happy to help!

I'm currently working on a stock management system using Laravel!

And thanks for the shout @Gummibeer 👍😀

Also, my bad on the late reply; I've been moving house this last week :/