CodeIgniter Forums

Full Version: Why does CI only allow certain values in the URL?

El Forum

[eluser]jonnyjon[/eluser]
Is there a reason why CI only allows certain characters in the URL?

El Forum

[eluser]Clooner[/eluser]
Security, maybe. You can change this in the config if you want more characters.

El Forum

[eluser]jonnyjon[/eluser]
Yes, I found it in the config. It says if you allow all characters ... you are "insane".

El Forum

[eluser]Clooner[/eluser]
The question now is...

Are you insane %-P

I am just curious... Why would you need more characters?

El Forum

[eluser]jonnyjon[/eluser]
Well, why restrict things at all?

El Forum

[eluser]Clooner[/eluser]
[quote author="jonnyjon" date="1204451438"]Well, why restrict things at all?[/quote]

Maybe it is because of query injections.

El Forum

[eluser]Derek Allard[/eluser]
The answer is immediately above the "you are insane" part.
Quote:
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
In general, the more paranoid you can be, the better. If you're just getting started with PHP/web application security, I'd encourage you to start reading around a bit more. 2 good topics to start on are XSS injection and SQL injection.

There are many more, but those are the "gateway" topics in my opinion. Good luck!
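
An added illustration of the whitelist quoted in the last post (not part of the original thread and not CodeIgniter's own code): the PHP below checks constructed URI segments against the character set `a-z 0-9~%.:_-`. The function name `segment_is_permitted` and the sample segments are assumptions made for this example.

```php
<?php
// Added example; not CodeIgniter's implementation.
// Character set quoted in the thread as the default whitelist.
$permitted_uri_chars = 'a-z 0-9~%.:_-';

/**
 * Hypothetical helper: true when every character of $segment is in the
 * permitted set. An empty set disables the check entirely, which is the
 * "allow all characters" setting discussed in the thread.
 */
function segment_is_permitted(string $segment, string $permitted): bool
{
    if ($permitted === '') {
        return true; // no restriction configured
    }
    // The set goes inside a character class as-is: "a-z" and "0-9" act as
    // ranges, and the trailing "-" is a literal hyphen. \A and \z anchor the
    // whole string so a trailing newline cannot slip through.
    return preg_match('/\A[' . $permitted . ']+\z/i', $segment) === 1;
}

// Constructed sample segments (not taken from any real request).
$samples = [
    'view',               // plain controller/method name
    'hello_world.html',   // underscore and dot are permitted
    '2008-03-02',         // digits and hyphens are permitted
    "1' OR '1'='1",       // quote and "=" are outside the set
    '<b>x',               // angle brackets are outside the set
    'id;drop',            // semicolon is outside the set
    '%27',                // percent-encoded quote: only permitted characters
];

foreach ($samples as $segment) {
    $verdict = segment_is_permitted($segment, $permitted_uri_chars)
        ? 'allowed'
        : 'rejected';
    printf("%-20s %s\n", $segment, $verdict);
}
```

Because `%` is in the permitted set, a percent-encoded value such as `%27` passes this check unchanged, so the whitelist narrows what reaches the application but does not replace parameterized queries or output escaping.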