How secure is a Laravel signed route?

Question

In my application, i generate purchase orders. To avoid send the pdf by mail, I'm sending a signed route link.

How secure is this link? Is there a possibility, that someone can hack it?

Answer 1

Laravel signed route, is reliant on a signature hash done with the hmac sha256 approach.

UrlGenerator.php in Laravel has this code that generates it.

return $this->route($name, $parameters + [
    'signature' => hash_hmac('sha256', $this->route($name, $parameters, $absolute), $key),
], $absolute);

This is as far as i know considered secure, related crypto stack site post. As long as your application key remains uncompromised, which it should.