-
Archives
- May 2026
- April 2026
- November 2025
- September 2023
- March 2019
- March 2018
- June 2017
- May 2017
- November 2016
- September 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- April 2015
- December 2014
- October 2014
- September 2014
- May 2014
- April 2014
- March 2014
- January 2014
- November 2013
- October 2013
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
-
Meta
Author Archives: Ceecee Newman
Block Countries by IP on Debian Trixie with nftables and xtables-addons
Debian Trixie uses nftables as its default firewall. If you’re used to iptables, the commands still work — but they go through an iptables-nft compatibility shim that translates them to nftables rules under the hood. For country-based IP blocking, the … Continue reading
How to Set Up Google Analytics 4 (GA4) — Step-by-Step Guide
If you’ve been putting off setting up Google Analytics because you’re still on the old “Universal Analytics” (UA) — it’s time to act. UA is officially dead: Standard UA properties stopped collecting data on July 1, 2023 UA 360 (premium) … Continue reading
Using PHP with Mustache: Practical Examples and Gotchas
If you want clean templates in PHP without pulling in a full framework, Mustache is a great fit. It keeps logic out of views, which forces you to prepare data in PHP first and makes templates easier to scan later. … Continue reading
Scribe for Laravel: API Docs That Stay Fresh, and a Calm Way to Upgrade Them
Most Laravel teams reach a point where their API documentation is either out of date, written somewhere it shouldn’t be (Confluence, anyone?), or just doesn’t exist. Scribe is the package that quietly fixes this — it reads your routes, controllers, … Continue reading
BOLA in a Laravel Livewire app: when client-side state is the only thing standing between users and admin actions
A penetration test landed an interesting finding on a Livewire-powered admin panel I work on. The summary on the report read: Broken Object-Level Authorization (BOLA). A standard user can change a tenant-wide “who can access these assets” setting by replaying … Continue reading
Posted in Laravel, php
Tagged authorization, bola, laravel, livewire, owasp, php, security
Leave a comment
Laravel Sail: a developer’s cheat sheet 🐳
Laravel ships with Sail — a thin command-line wrapper around docker compose that gives you the whole Laravel toolchain (PHP, MySQL, Redis, Mailpit, Node) in containers, without you needing to install any of them on your host. The only thing … Continue reading