Ben94

Ben94

Member Since 8 Months Ago

Experience Points
910
Total
Experience

4,090 experience to go until the next level!

In case you were wondering, you earn Laracasts experience when you:

  • Complete a lesson — 100pts
  • Create a forum thread — 50pts
  • Reply to a thread — 10pts
  • Leave a reply that is liked — 50pts
  • Receive a "Best Reply" award — 500pts
Lessons Completed
7
Lessons
Completed
Best Reply Awards
0
Best Reply
Awards
  • start-engines Created with Sketch.

    Start Your Engines

    Earned once you have completed your first Laracasts lesson.

  • first-thousand Created with Sketch.

    First Thousand

    Earned once you have earned your first 1000 experience points.

  • 1-year Created with Sketch.

    One Year Member

    Earned when you have been with Laracasts for 1 year.

  • 2-years Created with Sketch.

    Two Year Member

    Earned when you have been with Laracasts for 2 years.

  • 3-years Created with Sketch.

    Three Year Member

    Earned when you have been with Laracasts for 3 years.

  • 4-years Created with Sketch.

    Four Year Member

    Earned when you have been with Laracasts for 4 years.

  • 5-years Created with Sketch.

    Five Year Member

    Earned when you have been with Laracasts for 5 years.

  • school-session Created with Sketch.

    School In Session

    Earned when at least one Laracasts series has been fully completed.

  • welcome-newcomer Created with Sketch.

    Welcome To The Community

    Earned after your first post on the Laracasts forum.

  • full-time-student Created with Sketch.

    Full Time Learner

    Earned once 100 Laracasts lessons have been completed.

  • pay-it-forward Created with Sketch.

    Pay It Forward

    Earned once you receive your first "Best Reply" award on the Laracasts forum.

  • subscriber-token Created with Sketch.

    Subscriber

    Earned if you are a paying Laracasts subscriber.

  • lifer-token Created with Sketch.

    Lifer

    Earned if you have a lifetime subscription to Laracasts.

  • lara-evanghelist Created with Sketch.

    Laracasts Evangelist

    Earned if you share a link to Laracasts on social media. Please email [email protected] with your username and post URL to be awarded this badge.

  • chatty-cathy Created with Sketch.

    Chatty Cathy

    Earned once you have achieved 500 forum replies.

  • lara-veteran Created with Sketch.

    Laracasts Veteran

    Earned once your experience points passes 100,000.

  • 10k-strong Created with Sketch.

    Ten Thousand Strong

    Earned once your experience points hits 10,000.

  • lara-master Created with Sketch.

    Laracasts Master

    Earned once 1000 Laracasts lessons have been completed.

  • laracasts-tutor Created with Sketch.

    Laracasts Tutor

    Earned once your "Best Reply" award count is 100 or more.

  • laracasts-sensei Created with Sketch.

    Laracasts Sensei

    Earned once your experience points passes 1 million.

  • top-50 Created with Sketch.

    Top 50

    Earned once your experience points ranks in the top 50 of all Laracasts users.

Level 1
910 XP
Sep
24
3 weeks ago
Activity icon

Started a new Conversation Maximum Execution Time Of 300 Seconds Exceeded

I am trying to upload a working Laravel site onto IIS. I believe everything is working correctly as I can see the landing page. But when I try to log in, the request keeps hanging until I get the error 'Maximum execution time of 300 seconds exceeded'.

The Laravel debugger shows the following block of code.

        try {
            return $this->createPdoConnection(
                $dsn, $username, $password, $options <------ This line is red
            );
        } catch (Exception $e) {
            return $this->tryAgainIfCausedByLostConnection(
                $e, $dsn, $username, $password, $options
            );
        }

So I presumed it was a problem with the Database connection, but when I connect to the database (for example by doing a User::All() on the landing page, it works perfectly. Even in artisan tinker the connection is established.

I have narrowed the place where the error establishes down, in the Laravel auth login.

    protected function attemptLogin(Request $request)
    {
        return $this->guard()->attempt(
            $this->credentials($request), $request->filled('remember')
        );
    }

I have no clue what's causing this, but I'm afraid it's an IIS error, although this seems unlikely given that the rest works.

Jun
07
4 months ago
Activity icon

Started a new Conversation Question Regarding Site Security With IP Whitelisting

I have made a relatively simple website with an admin page and a customer page. Everything is middleware checked on user permissions and customers can only see their own records through an eloquent check. Nothing too exciting.

But since the website has to go live for my customer, and I can't maintain the site after publishing, the customer has decided to host the site on their own server and grant site permission only to certain IP addresses (a whitelist). This makes sure only their business customers can view the site and this guarantees me a certain degree of independence.

I am now reading a Laravel site security checklist and it mentions the following things:

  • Send All Available Security Headers (HSTS, X-XSS-Protection, X-Frame-Options, X-Content-Type-Options, and a Content Security Policy)
  • Have a Content Security Policy
  • Add logging

I was wondering if these things are even needed if the site is protected by an IP whitelist? I know that this normally is important but given the scenario I'm curious if it is worth the effort. Or am I overlooking something?

Developing isn't new to me but publishing sites live is.

Thanks.

Apr
27
5 months ago
Activity icon

Started a new Conversation Test Database With Multiple Databases

I have created an .env.testing with the following data:

DB_CONNECTION=sqlite
DB_DATABASE=database/test.sqlite

So everytime I ran phpunit it put the data in the test.sqlite file. However, I now need to use two development databases, so I added these lines to my Models.

class ExampleModelOne {
    protected $connection = 'mysql';
    ...
}
class ExampleModelTwo {
    protected $connection = 'sqlsrv';
    ...
}

The problem is that I now receive the following error:

Access denied for user ''@'localhost' to database 'database/test.sqlite'

Is there any way to solve this? I'm trying to prevent manually editing the files each time.

Regards

PS for reference, this is my .env file

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=***
DB_USERNAME=root
DB_PASSWORD=

DB_SRV_CONNECTION=sqlsrv
DB_SRV_HOST=***
DB_SRV_PORT=1433
DB_SRV_DATABASE=***
DB_SRV_USERNAME=***
DB_SRV_PASSWORD=***
Mar
06
7 months ago
Activity icon

Replied to I'm Nervous That My App's Security Has Flaws. Asking For Feedback.

@ARTCORE - Thank you for the quick reply. It's not online yet and the database is entirely in the hands of SAP if that is what you meant :). Autoblocking failed attempts is a great solution I did not yet think about.. Some other terms you said are unbeknownst to me so I'll google them. :) Thank you.

Activity icon

Started a new Conversation I'm Nervous That My App's Security Has Flaws. Asking For Feedback.

This is my first freelance job for an IT company. The requirement is that the website has two use-cases.

  1. Customers (other companies) need to log in and be able to view their orders from our SAP production DB.
  2. Employees from 'my' company need also be able to log in and view some internal information pulled from their production database.

What I have done to make the site a bit more secure:

  • I have two databases, one is a simple MySQL db for users. The other is a fully productional SAP B1 database. Both usernames and passwords are configured in the .env file.
  • The connection with the SAP database is from a user that has only read-only access.
  • The sensitive Laravel Models that connect to the Production database have read-only traits (for extra making sure.)
  • Every route except login has an auth middleware so people get redirected when not authenticated.
  • (Here's the risky one I'm uncertain of) I have a route /getData that still has that auth middleware. If you go to /getData you'll be redirected. Is this hack-proof/can I test this?

Are these proper steps? And a more global question: How can I make absolutely sure my site is secure? Any tips, things to really take into consideration or more?

Ik know this is probably a broad question so if anyone can find an extensen tutorial/small book on the subject I'd love to hear it. (Couldn't find one myself.)