Is Laravel Livewire actually secure?

There are security concerns you have to think about when building applications with Laravel and Livewire. But how can we fix some of those concerns? Laravel gives you security policies out of the box, but how can we apply them in Laravel Livewire? And do we actually need them?

Let's take a look.

(Take a look at the Livewire docs on security for even more ways on how to keep your Livewire app secure. ☺️)

Links:
Comments
Author

I tend to put a global scope on the models that are only accessible to their own users. Then it becomes really easy. No need to add any extra checks, and the global scope is already applied.

AtiqSamtia
Author

I was sold Laravel for being secure and having very good guardrails and not having to worry about security. It has lived up to that reputation as long as I do my part right 😊
Laravel allows you to turn off all guardrails and ignore all best practices when you really need it. I like to just not do it and follow them. Worked out great so far!

Stoney_Eagle
Author

I love the content, Josh, and this subject is exactly what I was waiting for. I am looking for an ACL type of implementation and ways to implement it (understand how it would work in Laravel). I am using Filament 3 btw, a slightly different approach but applicable.

markos
Author

I have Laravel 11, Breeze and Livewire 3 installed. The command "$this->reset('title')" is clearing the variable in Livewire, but the input field keeps the last text typed. And when submitting the form with that text, the "required" validation reports that the field is empty. Have you ever seen this happen in Livewire?

marcosaugustoschultzwutke
Author

Great video! Side question: what software are you using for screen recordings?

marekbee
Author

Great solution. Laravel rules! But the possibility of injecting another ID into a front-end element is not specific to Livewire. Literally any front-end that uses that sort of architecture (on a click, submit an ID for update/delete etc.) can have this problem. So asking "Is Livewire secure?" in the video title is a bit questionable... but still a great video and solution!

drewwellington
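The "submit an ID on click" problem described above, and the policy-based fix the description refers to, as an added example (this is not code from the video): a Livewire 3 component whose delete action checks a Laravel policy before acting on the ID the browser sent. The `Todo` model, its `user_id` column, `TodoPolicy` and the component name are assumed; Laravel auto-discovers `App\Policies\TodoPolicy` for `App\Models\Todo`. Both classes are shown in one listing for brevity.

```php
<?php
// Added example, not from the video. Assumed: App\Models\Todo has a user_id column.

namespace App\Policies;

use App\Models\Todo;
use App\Models\User;

class TodoPolicy
{
    // The row may only be deleted by the user who owns it.
    public function delete(User $user, Todo $todo): bool
    {
        return $user->id === $todo->user_id;
    }
}

namespace App\Livewire;

use App\Models\Todo;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;

class TodoList extends Component
{
    use AuthorizesRequests; // explicit; harmless if the base Component already uses it

    // Vulnerable shape: $todoId comes from a wire:click="deleteUnsafe(123)" attribute
    // that anyone can edit in the browser, so trusting it alone lets a user delete
    // rows that belong to someone else.
    public function deleteUnsafe(int $todoId): void
    {
        Todo::findOrFail($todoId)->delete();
    }

    // Hardened shape: load the row, then let the policy decide. authorize() throws
    // an AuthorizationException (rendered as HTTP 403) when the policy returns false,
    // so the delete below is never reached for another user's row.
    public function delete(int $todoId): void
    {
        $todo = Todo::findOrFail($todoId);
        $this->authorize('delete', $todo);
        $todo->delete();
    }

    public function render()
    {
        return view('livewire.todo-list', [
            'todos' => Todo::where('user_id', auth()->id())->get(),
        ]);
    }
}
```

The listing query in `render()` only hides other users' rows; the `authorize()` call in `delete()` is what actually stops a tampered ID.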
Author

Thanks for this piece, Josh! Very informative.

Just curious, what theme are you using for your PhpStorm and everything in between?

stevebraintv
Author

Ace video, thanks. Another reason to use Laravel: having policies built in and ready to go is yet something else you don't have to write, so long as you use it, that is.

Another thing that could be done, I guess, is testing, so a feature or end-to-end test to see if you can legally CRUD, as well as be stopped when not, could be another safety net. I found Livewire to have its own way of doing this in feature tests, or you could use another framework like Playwright, which I like quite a lot.

I'd be interested to know what your thoughts are on this and which approaches you favor, be it TDD, feature testing or TAD as I call it (test after development).

JonBrookes
Author

For a multi-tenant app it's better to use a UUID as the primary key, not an integer value. What's your thought?

popetgirl
Author

I have a bit of a weird question: does the database get queried every time we check if the user is authorized? I'm brand new to Laravel and IDK how Laravel auth works. Is it based on JWT tokens or on database sessions?

nasko
Author

So you are finally using PhpStorm and Laravel Idea? Which theme?

ravisorathiya
Author

But this is general sense, right? Also for the people using Livewire... If you make an API that would delete the TODO, you would also check if the user is authorized to call a delete on that specific row? Or am I missing something?

vanvanni_nl
Author

Hello Josh, can I please get the GitHub repo of the code shown in this video? Thanks

exeis
Author

Livewire is my first choice over React and Vue...

shubhamsahuSD
Author

This is something I didn't know about: modifying the frontend. Thanks @joshcirre

williamdk