jcc5018:

Would it be wise or possible to hardcode a user with certain roles to limit DB manipulation

I've seen a few topics on this, but I'd like to offer it as a discussion before seeing if I can or should implement it.

My thought is to provide a hardcoded user and/or permission/role assignment for permissions such as super user, so that if my DB were to be compromised, I'd still have access to what was needed to fix things. In WordPress, for example, I know I've had times where my data got corrupted and sometimes I, as the only user, lost admin access to my site until I went and manually adjusted the DB entry. But I'd like to prevent that, and also prevent someone from assigning themselves as a super user or altering the super user record.

Ideally, I'd want to design something that would require a key card or something to authenticate the user, as opposed to the password alone. But for now we can just discuss the password option.

Though if you know of any package that would provide functionality to "look for this file/code being present, if so allow access", let me know. The file may be introduced via a USB connection, I would think.

This isn't a major thing right now, but it has been something I've been thinking about every so often, so I'd like to get some thoughts on it. And where could I put such a file, or hardcoded permission? Would that be as simple as a middleware with an "if user is XYZ assign super-admin permission"? Ideally, without that permission being in the DB itself, to prevent modifications from bad actors.

MohamedTammam:

I would use a hardcoded permission if it's just something like an is_admin column in the database.

If you want more functionality, then Laravel gates and policies are a good option.

There's a package by Spatie that's awesome for managing roles and permissions: https://spatie.be/docs/laravel-permission/v5/introduction

For protecting the database, that's related to the server setup and security standards.

For database corruption, use backups to be sure you can always get lost data back.
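One way to combine the two ideas in this thread (a super-user identity that is hardcoded outside the database, and Laravel's gate mechanism) is a `Gate::before` hook that grants every ability only to a "break-glass" account whose id and secret come from `.env`, never from the users table. This is an added illustration, not code from the original post, from Laravel, or from the Spatie package; the config keys `auth.break_glass.*`, the env variables, the session key and the `unlock` method are all assumed names.

```php
<?php
// --- config/auth.php (added entries; assumed key names) ---------------------
// 'break_glass' => [
//     'user_id'     => env('BREAK_GLASS_USER_ID'),      // id of the rescue account
//     'secret_hash' => env('BREAK_GLASS_SECRET_HASH'),  // password_hash() of a long secret
// ],
//
// Neither value is stored in the database, so a write-only compromise of the DB
// cannot grant the super-user role to another account or remove it from this one.

// --- app/Providers/AuthServiceProvider.php -----------------------------------
namespace App\Providers;

use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class AuthServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Gate::before runs ahead of every policy / @can / authorize() check.
        // Returning true short-circuits to "allowed"; returning null defers to
        // the normal checks (roles and permissions stored in the DB).
        Gate::before(function ($user, string $ability) {
            $breakGlassId = config('auth.break_glass.user_id');
            if ($breakGlassId === null) {
                return null; // feature not configured on this deployment
            }
            if ((int) $user->getAuthIdentifier() !== (int) $breakGlassId) {
                return null; // not the rescue account
            }
            // Matching the id alone is not enough: someone who can write to the
            // users table could renumber their own row. Also require the secret
            // that only exists in the environment, verified earlier in the session.
            return session()->get('break_glass.verified') === true ? true : null;
        });
    }
}

// --- app/Http/Controllers/BreakGlassController.php (assumed name) ------------
namespace App\Http\Controllers;

use Illuminate\Http\Request;

class BreakGlassController extends Controller
{
    // Route this behind the normal 'auth' middleware and a throttle, e.g.
    // Route::post('/break-glass', [BreakGlassController::class, 'unlock'])
    //     ->middleware(['auth', 'throttle:5,1']);
    public function unlock(Request $request)
    {
        $hash  = config('auth.break_glass.secret_hash');
        $given = (string) $request->input('secret', '');

        // password_verify() is constant-time and works against a bcrypt/argon hash
        // produced by password_hash(), so the plaintext secret never lives in config.
        if ($hash === null || $given === '' || !password_verify($given, $hash)) {
            abort(403);
        }

        // Rotate the session id before elevating, then record the elevation.
        $request->session()->regenerate();
        $request->session()->put('break_glass.verified', true);

        return redirect('/');
    }
}
```

Generating the hash once with `php -r "echo password_hash('your-long-secret', PASSWORD_DEFAULT);"` and pasting it into `.env` keeps the secret itself off the server. Two caveats worth keeping in mind: the protection is only as strong as the host's `.env` file (an attacker with code execution or file read on the server gets everything anyway, which is why backups and server hardening still matter, as the reply above says), and `Gate::before` does not affect Spatie's `HasRoles` helpers such as `hasRole()`, only ability checks that go through the gate.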

jcc5018:

@MohamedTammam yeah. I use that package and all. I guess ultimately I'd like to consider building a back door of sorts that wouldn't be immediately obvious in my app. Again, with the end goal of eventually requiring an external device or key lock that grants full access. Not sure how I'd implement that. But storing in databases alone, I'd say, could be dangerous, as they are hacked often, especially if it's a popular app.

But if my roles are basically a matter of knowing a few foreign keys and somehow giving themselves permission, that would be a problem.