Back to Blog
Security Architecture: Defense in Depth
Security Is Architecture
Security isn't a feature you add at the end—it's an architectural concern that affects every layer of your system. Defense in depth means multiple layers of protection, so a breach in one doesn't compromise everything.
Authentication Layer
// Multi-factor authentication
class LoginController
{
public function login(Request $request): Response
{
if (Auth::attempt($request->only('email', 'password'))) {
if ($request->user()->mfa_enabled) {
return redirect('mfa/verify');
}
return redirect('dashboard');
}
return back()->withErrors(['email' => 'Invalid credentials']);
}
}
// Session security
'session' => [
'lifetime' => 120,
'expire_on_close' => true,
'encrypt' => true,
'secure' => true,
'http_only' => true,
'same_site' => 'strict',
],Authorization Layer
// Policies for resource authorization
class OrderPolicy
{
public function view(User $user, Order $order): bool
{
return $user->id === $order->user_id
|| $user->hasRole('admin')
|| $user->belongsToTeam($order->team_id);
}
public function delete(User $user, Order $order): bool
{
return $user->hasPermission('orders.delete')
&& $order->status !== 'completed';
}
}Input Validation
class StoreOrderRequest extends FormRequest
{
public function rules(): array
{
return [
'customer_id' => ['required', 'exists:customers,id'],
'items' => ['required', 'array', 'min:1'],
'items.*.product_id' => ['required', 'exists:products,id'],
'items.*.quantity' => ['required', 'integer', 'min:1', 'max:100'],
'notes' => ['nullable', 'string', 'max:1000'],
];
}
}Data Encryption
// Encrypt sensitive fields
class User extends Model
{
protected $casts = [
'ssn' => 'encrypted',
'tax_id' => 'encrypted',
];
}
// Field-level encryption for maximum security
class EncryptedField
{
public static function encrypt(string $value): string
{
return Crypt::encryptString($value);
}
public static function decrypt(string $encrypted): string
{
return Crypt::decryptString($encrypted);
}
}Network Security
// Rate limiting
RateLimiter::for('api', function (Request $request) {
return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
});
// IP whitelisting for admin
Route::middleware(['auth', 'admin', 'ip.whitelist'])
->prefix('admin')
->group(function () {
// Admin routes
});Audit Logging
class AuditLogger
{
public function log(string $action, Model $model, array $changes = []): void
{
AuditLog::create([
'user_id' => auth()->id(),
'action' => $action,
'model_type' => get_class($model),
'model_id' => $model->id,
'changes' => $changes,
'ip_address' => request()->ip(),
'user_agent' => request()->userAgent(),
]);
}
}Conclusion
Security architecture requires thinking about authentication, authorization, encryption, and monitoring as fundamental concerns. Build these patterns into your architecture from day one.
Related Articles
Need Help With Your Project?
I respond to all inquiries within 24 hours. Let's discuss how I can help build your production-ready system.
Get In Touch