Download the PHP package dentro/paranoia without Composer
On this page you can find all versions of the php package dentro/paranoia. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Information about the package paranoia
Paranoia
HTTP Session Security for Laravel
[!CAUTION] Paranoia only supports sessions with the database driver. We plan to support more drivers if there is demand for them. Please open a new issue to request the driver you want supported.
[!IMPORTANT] In session hijacking (TCP hijacking), attackers steal a web user's active session by acquiring their unique session ID. This lets them impersonate the user, accessing data or performing actions as if they were the legitimate user.
The minimum effort to prevent session hijacking is to avoid being hijacked in the first place by using a secure transport protocol such as HTTPS. This package provides an extra layer of session security by detecting suspicious changes (user agent, location, IP) in a user's session.
Requires PHP 8.3+
Geo Restriction Detection
Prevents unauthorized access based on Geo IP. The Geo IP check leverages ipinfo.io. Geo Restriction suits applications that follow strict security rules tied to a limited-country access policy, such as those in government, financial institutions, and internal software.
Check OWASP AppSensor at RP1: Suspicious or Disallowed User Source Location for more information.
IP Changes During Session Detection
Enables detection of IP changes during a session. It can be used to prevent unauthorized access by detecting a change to a new IP. Be aware that switching WiFi networks or mobile data can be detected as a new IP, so enable this with that in mind.
User-Agent Changes During Session Detection
Enables detection of user agent changes during a session. This middleware works the same way as Location Changes Detection, but it checks for suspicious changes to the User-Agent. It can prevent a user's session from moving between multiple user agents.
This feature minimizes the escalation risk of a session hijacking attack.
Check OWASP AppSensor at SE6: Change of User Agent Mid Session for more information.
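The two mid-session checks described above (IP change and User-Agent change), sketched in plain PHP as an added example. This is not Paranoia's own code: the function name, session keys and the response policy (terminate on a User-Agent change, re-authenticate on an IP change) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Paranoia's code. All names here are hypothetical.
enum Verdict: string
{
    case Ok = 'ok';
    case Reauthenticate = 'reauthenticate'; // IP changed: plausible network switch
    case Terminate = 'terminate';           // User-Agent changed mid-session
}

/**
 * Bind a session to the client that created it, then compare on every request.
 * $session stands in for one row of the database session store.
 */
function checkSession(array &$session, string $ip, string $userAgent): Verdict
{
    $uaHash = hash('sha256', $userAgent);

    // First request of the session: record the baseline.
    if (!isset($session['bound_ip'], $session['bound_ua'])) {
        $session['bound_ip'] = $ip;
        $session['bound_ua'] = $uaHash;
        return Verdict::Ok;
    }

    // A browser does not change its User-Agent inside one session (AppSensor SE6).
    if (!hash_equals($session['bound_ua'], $uaHash)) {
        $session = []; // drop server-side state so the stolen ID is useless
        return Verdict::Terminate;
    }

    // IP changes happen legitimately (WiFi to mobile data), so step up instead
    // of killing the session; the caller rebinds bound_ip after re-authentication.
    return $session['bound_ip'] === $ip ? Verdict::Ok : Verdict::Reauthenticate;
}

// Constructed sample traffic for one session ID (documentation IP ranges).
$session = [];
$requests = [
    ['203.0.113.10', 'Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0'],
    ['203.0.113.10', 'Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0'],
    ['198.51.100.7', 'Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0'],
    ['198.51.100.7', 'curl/8.5.0'],
];
foreach ($requests as [$ip, $ua]) {
    echo str_pad($ip, 14), checkSession($session, $ip, $ua)->value, PHP_EOL;
}
```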
Utilities
[!CAUTION] We plan to split these security utilities into a separate package.
X-Form Header Encoding as Form
This utility prevents plain-text body submission.
The middleware uses the X-Form header, decodes X-Form as an array, and converts the array into the request's inputs.
Configuration
Roadmap
Our roadmap for more security features:
- Support more session drivers
- Remove the dependency on ipinfo.io