CodeIgniter Forums
authentication, redirect and security - Printable Version


authentication, redirect and security - El Forum - 10-13-2008

[eluser]vanzl[/eluser]
Is redirecting a secure way to prevent non-logged-in users from accessing parts of your page?

In most examples I've seen something like this:
Code:
class Admin extends Controller {
    function admin() {
        parent::controller();
        if (!$this->auth->logged_in()) {
            redirect('somewhere');
        }
    }
}

I guess my question is: can a potential hacker somehow avoid the redirect and still access admin functions?


authentication, redirect and security - El Forum - 10-13-2008

[eluser]xwero[/eluser]
I can't think of a way to avoid the redirect other than stealing somebody's login data.


authentication, redirect and security - El Forum - 10-13-2008

[eluser]Référencement Google[/eluser]
The redirect function does an exit() too after redirecting.
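
Why the exit() matters, as an added example that is not part of the original thread: a Location header is only a request to the client, so a guard that sets it without stopping still runs the protected action and sends its output. The Response class, HaltRequest exception and function names are hypothetical, and the response is simulated so the script runs from the PHP command line.

```php
<?php
// Added example, not code from the thread or from CodeIgniter.
// Response, HaltRequest, dispatch() and the guard functions are hypothetical names.

class HaltRequest extends Exception {}   // stands in for exit() so the demo can go on

class Response {
    public $headers = array();
    public $body = '';
}

// Guard that only sets the Location header: execution continues afterwards.
function guard_no_exit(Response $res, $logged_in) {
    if (!$logged_in) {
        $res->headers[] = 'Location: /login';
    }
}

// Guard that halts after setting the header, as the thread says redirect() does.
function guard_with_exit(Response $res, $logged_in) {
    if (!$logged_in) {
        $res->headers[] = 'Location: /login';
        throw new HaltRequest();          // real code would call exit here
    }
}

// Runs the guard (the controller constructor), then the requested admin action.
function dispatch($guard, $logged_in) {
    $res = new Response();
    try {
        $guard($res, $logged_in);
        $res->body = 'admin: user list';  // output of the protected action
    } catch (HaltRequest $e) {
        // The request ended at the redirect; the action never ran.
    }
    return $res;
}

// Constructed scenario: an anonymous visitor requests an admin action.
foreach (array('guard_no_exit', 'guard_with_exit') as $guard) {
    $res = dispatch($guard, false);
    printf("%-16s headers=%s body=%s\n", $guard,
        json_encode($res->headers), json_encode($res->body));
}
```

Both guards send the same redirect header; only the one that halts leaves the response body empty for a client that ignores the Location header.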


authentication, redirect and security - El Forum - 10-13-2008

[eluser]Mirage[/eluser]
Quote: I guess my question is: can a potential hacker somehow avoid the redirect and still access admin functions?

If you're asking whether they could manually construct a URL to get to actions in this controller, then I'd say no. The constructor will run first and so you effectively protected the entire class. As xwero says, any intrusion would have to happen before the controller executes.

Cheers,
-m


authentication, redirect and security - El Forum - 10-15-2008

[eluser]vanzl[/eluser]
Thank you for your replies. The exit() after redirect sets my mind at ease :)