Using DB inside Laravel .blade files is secure? - laravel

Laravel is a secure PHP framework following the MVC design pattern.
But my question is: if I use Model code like the DB:: class inside .blade files, is it secure or not?
I know it's not a good idea to break MVC rules,
but I want to test Laravel's security. If anybody did this, what security problems would happen?

It's as secure/insecure (depending on your implementation) as in any other part of the framework. But no, it's not a good idea. You named MVC. Your template file (.blade) should receive data, not fetch it.
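As an added illustration of that answer (not code from the original post), plain PHP with PDO and htmlspecialchars stands in for DB::select() with bindings and Blade's escaped echo, so it runs without the framework; the "controller" function fetches, the "view" function only renders what it is given. The table and rows are constructed sample data.

```php
<?php
// Added example, not from the original post. Plain PHP + PDO (SQLite in memory)
// stands in for Laravel's DB::select() with bindings; e() below is the escaping
// Blade's escaped echo compiles to. Table and rows are constructed sample data.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, title TEXT)');
$pdo->exec("INSERT INTO posts (author, title) VALUES
    ('alice', 'Hello'),
    ('bob',   '<script>alert(1)</script>')");

// The pattern the question asks about: a query assembled from request input inside
// the template. Its defect (string interpolation, injectable) is the same whether the
// line sits in a .blade file or a controller; putting it in the view only hides it.
function titlesAssembledInView(PDO $pdo, string $author): array
{
    $sql = "SELECT title FROM posts WHERE author = '$author'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Controller side: the same query with a bound parameter, as DB::select('... ?', [$author])
// would run it. The view never sees the query, only the result.
function fetchTitlesByAuthor(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT title FROM posts WHERE author = ?');
    $stmt->execute([$author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Escaping equivalent to Laravel's e() helper (what Blade's escaped echo uses).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// View side: receives data, renders it escaped. Each title goes through e(), so the
// stored <script> tag is emitted as text, not as markup.
function renderTitles(array $titles): string
{
    $items = array_map(fn (string $t): string => '<li>' . e($t) . '</li>', $titles);
    return '<ul>' . implode('', $items) . '</ul>';
}

echo renderTitles(fetchTitlesByAuthor($pdo, 'bob')), PHP_EOL;
```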

Related

Is JSP necessary for Angular2 security for different roles

I am building an application using Angular2 as the front-end framework and Spring Boot as the backend framework.
One of the seniors in my team insisted on using JSP as templates for my components in order to avoid rendering any unauthorized views.
Is that really necessary? I saw many applications which are implemented using Angular or other front-end frameworks but did not render the templates in the backend. Is that good practice? Isn't authenticating the requests enough?
Also, wouldn't that be a problem for performance?
From my point of view I think JSP will prevent us from using the potential of Angular. Any help or documentation on that subject would be much appreciated.
Short: No, JSP is not necessary.
Long: One has to realize where which part runs. JSP on the server, Angular in the browser. I assume your senior colleague is concerned about displaying unauthorized data - but that is not the concern of Angular. Angular is basically just the View and, perhaps, Controller. But it has to get the data from the server - which is usually done over some REST service. And it is the duty of that service to serve only data the user is allowed to view. So you can implement your View/Controller part in Angular, putting all the views (even the restricted ones) in, and then implement proper security into your server-side data service.
No, it's not necessary to use JSP in Angular 2.
It's correct that JSP allows you to protect the template itself from unauthorized access, but in our case it's not really a bad thing to happen from the security point of view, as access to the template without the data itself is not something dangerous; the data of course must be protected with your own security/authentication to prevent unwanted access to it.

Laravel: changing from Blade to JS frontend framework

I have a Laravel application which is using Blade as the frontend. I'm feeling the better (more future-proof) option would be to switch to Angular, Vue or React (not entirely sure yet which one I will use, but that's not the question of this post).
I've always thought that the backend code should expose an API in order for these JS frontend frameworks to work. I currently don't expose any sort of API.
I basically designed it in the normal way:
define a route pointing to a controller
create the controller function and direct it to a view
create the Blade view
Couple of questions:
1. Should I redesign my backend to expose such an API?
2. Can I call Angular/Vue/React code from my controllers, similar to what I'm doing with Blade?
3. In case the answer is yes to question 1, shouldn't I consider changing to Lumen then?
Using a frontend framework means you would most likely build your backend as an API.
A common scenario is:
a single route that points to a controller which loads the Angular/Vue app
the Angular/Vue app would handle views and templates.
Once the app is loaded you only need to communicate with the server through the exposed APIs.
You can't call your JS code from a Laravel controller, and you probably won't need to.
As for your question Lumen vs Laravel, I think it's up to you to decide that. Both have pros and cons.

Are there any disadvantages to not using blade and having the front totally decoupled from the back end in Laravel?

I was at an interview yesterday and the interviewer asked me a few questions about blade and I replied saying that I don't use blade and only use Laravel to build RESTful web services which I then consume using a front end technology such as Angular.
He insisted that Blade was very useful and there are a few disadvantages to not using Blade. I couldn't understand what he was talking about. And neither do I clearly remember any points he made.
I am curious to know: are there any disadvantages to not using Blade in Laravel?
In my opinion there are a few advantages of AngularJS over Blade and vice versa:
Advantages of Blade:
Laravel has some HTML helpers and form helpers.
Laravel adds a token to a form for preventing CSRF!
When you open a form you can give a route to it. The method and the action are defined by Blade based on the given route.
With Blade you can create macros and view composers.
When validating a form you can return back with the input and the errors, which is quite easy.
Blade is not really slow because Laravel caches the compiled views.
With Blade you can extend and include views, which is more DRY (Don't Repeat Yourself).
On paginator objects you can call ->links(), which is very easy for pagination, although this is also nice to do with AngularJS.
Blade can automatically escape your data with {{{$var}}}.
If you have to write a multi-language application, Blade and Laravel come with easy methods to achieve this.
These are in my opinion the advantages of Blade. Look at the Blade docs for more information and figure out what you like!

Laravel Routes - is it possible to not use them at all?

I'm a Laravel 3.x beginner with a CI background.
I'm very accustomed to using controllers rather than routes and I'm having issues trying to use controllers in Laravel.
For example: let's say I have the home_controller and the "about" action. My problem is that I'm only able to access the "about" action by setting a route that points to it - something I think is undesirable.
Is there a way to get the "about" action to work without setting a route?
In Laravel, everything can be accomplished using either Routes and/or controllers.
However, using both routes AND controllers is suggested for great flexibility. See this article for more information and some examples of how to combine routes with controllers.
Anyway, if you want to use controllers (which is perfectly acceptable), you need to register them in your routes.php with Route::controller('yourcontroller') before you can use them.
Everything has to be routed in Laravel. But, you don't have to manually route each method. You could do something along the lines of Route::controller('admin').
See here: http://laravel.com/docs/routing#controller-routing
I like Mike Anthony's solution. When you're using only controllers, this detect method is everything you have to do - this will register all of your controllers automatically. Best hands-free solution so far.
The usual controller registration is, as the guys already mentioned, this:
Route::controller('controllername');
You have to register all controllers like in the example above. It is one line of code per controller, and it is the rule.
But if you have a static page or a login action (page), a good practice is to create a Route controller (anonymous function), not a classic controller (in the controllers folder).

use boilerplatejs with codeigniter

What is the best way to use CodeIgniter with BoilerplateJS? Should I put the CodeIgniter folder in a BoilerplateJS folder or the contrary? Or something else? I need to make an authentication page in CodeIgniter and redirect the application to BoilerplateJS.
Thanks.
I tried BoilerplateJS with CI in the following way:
Basically this is including BoilerplateJS in the CodeIgniter folder.
I included all the BoilerplateJS code except the index file into a folder named public which is in the root folder of CodeIgniter. The index file is placed in the views folder and will be loaded by a controller. (See the image)
For this to work some file paths had to be tweaked.
File paths in boilerplatejs index file (boilerplate.html in my case) had to be changed as follows:
./libs/jquery/jquery-min.js >>to>> public/libs/jquery/jquery-min.js
./libs/underscore/underscore-1.3.3.js >>to>> public/libs/underscore/underscore-1.3.3.js
and so on.
In main.js the RequireJS path configuration should be changed to:
require.config({
    // Let's define short aliases for commonly used AMD libraries and namespaces.
    paths : {
        // requirejs plugins in use
        text : 'libs/require/text',
        i18n : 'libs/require/i18n',
        path : 'libs/require/path',
        // namespace that aggregates core classes that are in frequent use
        Boiler : './app/core/_boiler_'
    }
});
And in your controller you can load boilerplatejs by: $this->load->view('boilerplate.html');
I was thinking of integrating BoilerplateJS and CodeIgniter and probably using the CodeIgniter REST server for some time.
If all goes well I will share the code within the week.
A sample project is available at: https://github.com/slayerjay/codeigniter-boilerplatejs
EDIT: Adding my view on CodeIgniter and BoilerplateJS
Firstly, I have not (yet) done any major projects with BoilerplateJS and CodeIgniter. But I have done projects using CI and the CI REST Server and know BoilerplateJS in and out.
I do not have much experience with other PHP frameworks (I have meddled with CakePHP and some others), but for me CI helps me to organize my code according to the MVC pattern in a clean way, and provides excellent helper libraries and documentation.
As the OP rightly said, authentication is handled best outside BoilerplateJS and this can be done nicely with something like ion-auth for CI. After the user is authenticated and the SPA is loaded, the rest of the calls will be handled by the CodeIgniter REST server.
In this case you won’t be using much of the View aspect of your MVC architecture, but CI’s models and helpers would be of great help.
If you just need a simple REST server you can go with some lightweight solution that just provides REST-type routing, but in many cases you will need to interact with a database and do some data processing.
So if you have decided to have a PHP backend for your application, CodeIgniter with the REST server is a good choice.