
Posts by Stephen Rees-Carter

A bit too friendly...

2 days ago 1 0 0 0
In Depth: Don't Trust Public Livewire Properties [In Depth #39] Public Properties may look like PHP class properties, but they're really hidden form fields, just waiting for your input... 😈

Livewire's Public Properties may look like PHP class properties, but they're really hidden form fields, just waiting for your input... 😈

securinglaravel.com/in-depth-don... #Laravel

3 days ago 7 2 1 0

Haha, I actually got a friend who knows crypto randomness stuff to check it for me, to make sure I hadn't made any stupid mistakes!

1 week ago 1 0 1 0

On the Securing Laravel blog, @valorin.bsky.social explores Laravel security concepts & techniques 🔐 - madewithlaravel.com/securing-lar...

1 week ago 1 1 0 0

Again, if you have a Substack, the best time to switch away was months ago -- but today's the second best time.

1 week ago 1571 585 16 21
Security Tip: Stop Putting Actions on GET Requests! [Tip #128] Do you know the difference between GET and POST requests, and why it's so important that GET requests only ever retrieve data?

Do you know the difference between GET and POST requests, and why it's so important that GET requests only ever retrieve data?

securinglaravel.com/security-tip... #Laravel

1 month ago 8 0 0 0

Probably got marked as spam too much, and was causing domain reputational and customer service issues. 🤣

1 month ago 1 1 0 0
Release Notes | Laravel 12.x - The clean stack for Artisans and agents Laravel is a PHP web application framework with expressive, elegant syntax. We've already laid the foundation, freeing you to create without sweating the small things.

As Laravel's friendly hacker, I feel it is my duty to inform everyone that Laravel v11 is no longer supported! 😱

โŒ Bug fixes (they stopped 6 months ago)
โŒ Security fixes (they stop today!)

Have you upgraded yet?

laravel.com/docs/release... #Laravel

1 month ago 7 4 0 0
Security Tip: Your JWT Might Be a Forever Key! [Tip #127] Without an `exp` claim, a JWT can remain valid forever, turning a leaked token into permanent access.

Without an `exp` claim, a JWT can remain valid forever, turning a leaked token into permanent access.

securinglaravel.com/security-tip... #Laravel

1 month ago 3 3 0 0
Security Tip: Validate Config at Boot [Tip #126] Rather than checking for essential config when it's used, throw the checks in your Service Provider - you'll know about configuration failures before your users get a weird error.

Rather than checking for essential config when it's used, throw the checks in your Service Provider - you'll know about configuration failures before your users get a weird error.

securinglaravel.com/security-tip... #Laravel

1 month ago 5 0 0 0
CVE-2026-27593 - GitHub Advisory Database Statamic is vulnerable to account takeover via password reset link injection

PSA for @statamic.com folks - update your sites ASAP! ⚠️

A CRITICAL vuln was discovered that allows full account takeover via password resets! 😱

All the details: cvereports.com/reports/CVE-...

1 month ago 9 6 0 0

I am determined to get back to @laravellive.dk this year, so if you have a dev team or a meetup in EU or UK and want me to run a workshop or give a talk in August, let me know!

1 month ago 1 0 0 0

Yes, I love the Bridgerton soundtracks! They have a good mix of high energy and consistent rhythm that helps me concentrate.

I'm almost always listening to some soundtrack when working, today is BSG.

1 month ago 2 0 0 0

That adds a whole new level of pain, good luck! 🤞

1 month ago 1 0 0 0
In Depth: Email Verification Isn't as Simple as You Think [In Depth #38] You can't trust an email address you haven't verified, so why are you storing them in your database?

You can't trust an email address you haven't verified, so why are you storing them in your database?

securinglaravel.com/in-depth-ema... #Laravel

1 month ago 5 0 1 0
Security Tip: Consider All Routes, Not Just Web! [Tip #125] routes/web.php is boring and reliable, and routes/api.php is fancy, but have you forgotten one?

routes/web.php is boring and reliable, and routes/api.php is fancy, but have you forgotten one?

securinglaravel.com/security-tip...

2 months ago 6 1 0 0

I know I say this all the time (especially on stage!), but apparently not everyone heard me, so here we go again...

securinglaravel.com/security-tip...

2 months ago 2 1 0 0
Securing Laravel The essential security resource for Laravel developers.

It's been 4 months, a lot has happened, but I'm finally back to writing securinglaravel.com!

New Security Tip coming out in a few hours...

2 months ago 9 0 0 0

And my talk on Friday was the most absurd and crazy thing I've done on stage (which is saying something), and I've had some great feedback that's already made it worth it. No idea what I'll do next year...

5 months ago 1 0 0 0

Exhausted after #LaraconAU last week, but excited by how it all went!

I was so proud of everyone in my workshop on Wednesday - everyone had a go, and the excitement in the room as they hacked through challenges made it all worth it.

5 months ago 5 0 1 0
"Let's Hack!" Pre-Laracon Security Workshop Attending Laracon AU? Come along to

Haven't bought tickets to my Pre-@laracon.au Security Workshop yet?! 😲

I'll be locking in numbers early next week, so get your ticket TODAY or reach out to me directly. ⌛

This is your final warning... ⏰
events.humanitix.com/lets-hack-pr...

6 months ago 0 1 0 0
"Let's Hack!" Pre-Laracon Security Workshop Attending Laracon AU? Come along to

"Let's Hack!", my Pre-Laracon Security Workshop is just FIVE weeks away! 🎉
(So is @laracon.au... but let's be honest, priorities.)

Only 11 tickets left, & I need to confirm numbers with the venue, so if you've been thinking about it, now's the time!
👉 events.humanitix.com/lets-hack-pr...

6 months ago 1 1 0 0

Good point! I completely forgot about this option. 🤦

I've updated the article to reflect this.

6 months ago 1 0 0 0
Security Tip: How Should APIs Respond to HTTP? [Tip #123] If an API client tries to connect via unencrypted HTTP, what should your API do: redirect to HTTPS, disable HTTP, offer a swift rebuke, or take matters into its own hands?

If an API client tries to connect via unencrypted HTTP, what should your API do: redirect to HTTPS, disable HTTP, offer a swift rebuke, or take matters into its own hands? 🤔

securinglaravel.com/security-tip... #Laravel

6 months ago 3 1 1 0
Security Tip: What Is An HttpOnly Cookie? [Tip #86] Cookies come in many shapes and sizes, and with multiple attributes just to confuse you... Have you ever wondered what the humble HttpOnly attribute actually does?

Cookies come in many shapes and sizes, and with multiple attributes just to confuse you... Have you ever wondered what the humble HttpOnly attribute actually does?

securinglaravel.com/security-tip... #Laravel

6 months ago 6 0 1 0

I was wondering if anyone would get the reference! 🎉

I haven't seen it in a long time, the π is the only thing I remember. Not sure how I'll fit impossible IP addresses into my talk...

6 months ago 1 0 0 0

Exactly. 😎

Maybe next time I'll do my Ethics talk, that'd make for some fun irony. 😈

6 months ago 1 0 0 0

Clearly I'm being framed here!

6 months ago 1 0 1 0

Would I do something like that?

6 months ago 1 0 1 0

We'll never know how @valorin.bsky.social keeps getting invited back to speak at @laracon.au but we do know that he always puts on a heck of a talk when he does!

Learn how to defend your Hornburg on November 13-14!

Grab your ticket before 29 Sept to get a 👕 in your size 👉 laracon.au/tickets

6 months ago 3 1 1 0