Key Security Principles
The Trongate PHP framework incorporates a comprehensive suite of security features to ensure your applications are secure from the ground up. These features include:
- Form Helpers: PHP functions designed to simplify the creation of secure forms and address common security concerns.
- Validation Class: A robust input validation system that helps prevent malicious data from compromising your application.
- CSRF Protection: A built-in mechanism to defend against Cross-Site Request Forgery (CSRF) attacks.
- The Database 'Model' Class: A secure interface for database operations, leveraging Trongate's PDO library to mitigate SQL injection risks.
For Trongate MX users, these security features are available out of the box and require no additional configuration, so development can start inside a consistent, secure setup. Because the same mechanisms apply across the framework, including the construction of API endpoints, developers work against a single security model rather than assembling one from unrelated parts.
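The Model bullet above says the framework relies on PDO to mitigate SQL injection. The following is an added example, not code from Trongate's Model class, that shows the mechanism behind that claim: the same attacker-controlled username is run through a concatenated query and through a PDO prepared statement. It assumes the pdo_sqlite extension is available so the in-memory database, the members table and the attacker string (all constructed here) run offline.

```php
<?php
// Added example (not Trongate's own code): why a PDO prepared statement stops
// the injection that string concatenation allows. Assumes pdo_sqlite is loaded.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO members (username, password_hash) VALUES ('alice', 'x'), ('bob', 'y')");

// Constructed attacker input: closes the quoted literal and appends an always-true clause.
$userInput = "nobody' OR '1'='1";

// VULNERABLE: the input is spliced into the SQL text, so the quote and the OR
// clause are parsed as SQL and the WHERE condition matches every row.
function fetchMemberUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM members WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the SQL text is fixed at prepare time and the input travels as a
// bound parameter, so the whole string is compared as one literal username.
function fetchMemberSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM members WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo 'unsafe query returned ' . count(fetchMemberUnsafe($pdo, $userInput)) . " row(s)\n";
echo 'safe query returned   ' . count(fetchMemberSafe($pdo, $userInput)) . " row(s)\n";
```

Run it with `php` from the command line. The point to take from the two counts is that escaping is not what protects the safe version; the separation of query text from data is, which is why an ORM-style layer such as the Model class should never fall back to concatenating caller-supplied values into SQL.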
Securing API Endpoints
API endpoints serve as crucial interaction points between your application and external systems or users. Securing these endpoints is essential to prevent unauthorized access and protect sensitive data.
Strategies for Securing Endpoints
There are a variety of strategies that developers can use to secure API endpoints. The strategies covered in this chapter include:
- Authorization Headers: How to carry authorization data (e.g., tokens or API keys) in HTTP request headers so the server can authenticate each request.
- CSRF Protection: How to protect web applications against Cross-Site Request Forgery (CSRF) attacks.
- Authentication and Authorization: How to use Trongate's security token system for authorization and authentication.
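As an added example of the first strategy, here is a plain-PHP check of a bearer token sent in the Authorization header. It is not Trongate's trongate_tokens module: the token store, the `getAuthorizationHeader()` helper, the sample tokens and the request array are all constructed for illustration. The store holds only SHA-256 hashes of the issued tokens, so a leaked table does not yield usable credentials, and expired tokens are rejected even when they match.

```php
<?php
// Added example (not Trongate's own token system): validate a bearer token from
// the Authorization header. Store, helper and sample data are assumptions.

// Constructed token store keyed by sha256(token). A real app would keep this in
// a database table; only the hash is stored, never the token itself.
$tokenStore = [
    hash('sha256', 'a1f9c3e8b2d4') => ['user_id' => 42, 'expires' => time() + 3600],
    hash('sha256', 'deadbeef0000') => ['user_id' => 7,  'expires' => time() - 60], // expired
];

// Reads the raw Authorization header from a $_SERVER-style array. Some Apache
// setups expose it only as REDIRECT_HTTP_AUTHORIZATION, so both keys are checked.
function getAuthorizationHeader(array $server): ?string
{
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    return null;
}

// Returns the user id for a present, known and unexpired bearer token; null otherwise.
function authenticateBearer(array $server, array $tokenStore): ?int
{
    $header = getAuthorizationHeader($server);
    if ($header === null || !preg_match('/^Bearer\s+(\S+)$/i', $header, $m)) {
        return null; // missing header or wrong scheme
    }

    // Hash the presented token and look the hash up. The secret is never compared
    // byte-by-byte against stored secrets, and the table holds no raw tokens.
    $lookup = hash('sha256', $m[1]);
    if (!isset($tokenStore[$lookup])) {
        return null; // unknown token
    }

    $meta = $tokenStore[$lookup];
    if ($meta['expires'] <= time()) {
        return null; // known but expired: treat exactly like an unknown token
    }
    return $meta['user_id'];
}

// Constructed request: the client sent "Authorization: Bearer a1f9c3e8b2d4".
$request = ['HTTP_AUTHORIZATION' => 'Bearer a1f9c3e8b2d4'];
$userId  = authenticateBearer($request, $tokenStore);

header('Content-Type: application/json');
if ($userId === null) {
    http_response_code(401);
    header('WWW-Authenticate: Bearer');
    echo json_encode(['error' => 'unauthorized']);
} else {
    echo json_encode(['user_id' => $userId]);
}
```

Two design points carry over to any token scheme, including the framework's own: the failure responses for a missing, malformed, unknown and expired token are identical, so a caller cannot probe which tokens exist, and the check happens before any controller logic runs rather than inside it.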
Developer Flexibility and Broader Security Considerations
While Trongate MX provides powerful built-in security features, developers should consider the following:
- Flexibility in Security Implementation: You're not restricted to using Trongate's built-in security tools. If needed, you can integrate custom or third-party security solutions to meet your specific requirements.
- Foundational Security Practices: Beyond using tools, developers should maintain a strong understanding of essential web security principles. These include serving applications exclusively over HTTPS (TLS) so that credentials and data are encrypted in transit, hardening server configurations, and staying informed about emerging vulnerabilities in the framework, PHP and the underlying platform.
By combining Trongate MX's security tools with these best practices, developers can build robust, secure applications capable of meeting the demands of modern web development.