
I want to know how secure it is to handle POST requests with query strings, and if it's not secure, how can I stop the user from sending any query string to my API? Right now the user is able to send any query string, regardless of whether it is a right query string or a wrong one, and in the end can

$request->get('somekey');

get the data from the body, not the params (sending from the Postman app)?

Farshad
  • 1
    Depends if you're using signed URLs and in what context you mean "how secure". If you're putting any secure data into the query parameters you're probably doing it wrong. – stokoe0990 Jul 16 '19 at 13:15
  • @stokoe0990 How to disable the query string from a URL? – Farshad Jul 16 '19 at 13:16
  • 1
    Perhaps this will help for disabling query string inputs. https://stackoverflow.com/a/4270683/1848660 – stokoe0990 Jul 16 '19 at 13:18
  • 1
    You could strip them using `.htaccess` if you like before it reaches your code. – nice_dev Jul 16 '19 at 13:18
  • 1
    If you want to keep it and want to make the user send only the necessary query strings per request, then it's not possible. Since you mentioned security, the browser is not the only medium. One alternative is Postman itself, like you said. So you have no control over what the user could send. – nice_dev Jul 16 '19 at 13:20

2 Answers

1

If you are talking about SQL injection, then Laravel is already aware of that. Laravel's Eloquent ORM uses PDO parameter binding, so that it can keep any SQL query strings out of the way.

For better knowledge check this link: https://www.easylaravelbook.com/blog/how-laravel-5-prevents-sql-injection-cross-site-request-forgery-and-cross-site-scripting/

1

This role doesn't belong to Laravel, but to the server. To not accept query strings, you'll need to configure that in your Nginx or Apache.

https://serverfault.com/questions/707285/remove-query-string-from-url

https://www.linuxquestions.org/questions/linux-server-73/%5Bapache%5D-how-to-block-a-query-string-4175586473/
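
An application-level counterpart to the server configuration discussed above, added here as an example and not part of either answer or of Laravel itself: a middleware that rejects body-carrying requests that also have a query string, with the handler reading `somekey` from the body only. The class name `RejectQueryString` and the `/items` route are hypothetical.

```php
<?php
// Added example. RejectQueryString and the /items route are hypothetical names.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class RejectQueryString
{
    /**
     * Refuse body-carrying requests that also carry URL parameters, so a
     * handler never receives a value from the URL when it expected the body.
     */
    public function handle(Request $request, Closure $next)
    {
        $bodyMethods = ['POST', 'PUT', 'PATCH', 'DELETE'];

        // query() with no key returns only the parameters parsed from the URL.
        $hasQuery = count($request->query()) > 0;

        if ($hasQuery && in_array($request->getMethod(), $bodyMethods, true)) {
            // Fail closed with a client error instead of silently ignoring them.
            abort(400, 'Query string parameters are not accepted on this endpoint.');
        }

        return $next($request);
    }
}

// routes/api.php (hypothetical route using the middleware):
//
// Route::post('/items', function (Request $request) {
//     // post() reads the request body only; query() reads the URL only.
//     $value = $request->post('somekey');
//     return response()->json(['somekey' => $value]);
// })->middleware(\App\Http\Middleware\RejectQueryString::class);
```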