how to prevent access database and resources in laravel blade?
Question
I want to create a shop builder that the user can create own theme and upload it to my host. and now I want to prevent users cant access database and model and resources in blade.
Because they can write malicious code through the blade on my server and cause system crashes.
I want to send only a list of variables for each blade's page that contains the values they need on this page and users can only use these variables and can not access my server database or resources and my files server. I had to prevent user cant access database in the blade
Anyone have an idea for this؟
thank you
1 answers
solution1
0 2021-11-16 10:44:17
I have a need similar to yours
after several experiments and attempts I have found a solution that might work, but with limitations/restrictions
it would be appropriate "from my point of view" to think about introducing another way to render your content.
in the face of my research I have found 2 possible solutions
- introduce liquid
- PRO
- no type of access to the code
- AGAINST
- everything that will be accessible must be processed in advance
- PRO
- introduce TWIG
- PRO
- you do not have default access to eloquent or anything else that has not been passed to it
- you can pass an 'object' intended as a php class with all its methods and properties
- AGAINST
- just because you can pass 'objects' you may come across the unpleasant condition that an object brings with it something that the view should not have access to
- PRO
conclusions
in conclusion, 'my' choice was liquid, since it guaranteed me more security, in addition to other companies such as shopify have decided to use it also for this peculiarity
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.