CodeIgniter Forums
I want to know best practice about CI3 security. - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Best Practices (https://forum.codeigniter.com/forumdisplay.php?fid=12)
+--- Thread: I want to know best practice about CI3 security. (/showthread.php?tid=61688)



I want to know best practice about CI3 security. - Vimal - 05-06-2015

Hello friends,
I have almost completed my first project with CodeIgniter 3.0; I started when the RC was released.
I want to know tips to make it more secure.
Suggest any best practices I should follow with CI 3.0.


RE: I want to know best practice about CI3 security. - davidgv88 - 05-06-2015

Hi Vimal.

Look this:

http://www.codeigniter.com/user_guide/general/security.html

Always use $this->input->post('value', TRUE); the TRUE is important to prevent XSS injections.

David


RE: I want to know best practice about CI3 security. - GrigoreMihai - 05-06-2015

(05-06-2015, 04:03 AM)davidgv88 Wrote: Hi Vimal.

Look this:

http://www.codeigniter.com/user_guide/general/security.html

Always use $this->input->post('value', TRUE); the TRUE is important to prevent XSS injections.

David

Isn't using good validation better than this?


RE: I want to know best practice about CI3 security. - davidgv88 - 05-06-2015

(05-06-2015, 06:15 AM)GrigoreMihai Wrote:
(05-06-2015, 04:03 AM)davidgv88 Wrote: Hi Vimal.

Look this:

http://www.codeigniter.com/user_guide/general/security.html

Always use $this->input->post('value', TRUE); the TRUE is important to prevent XSS injections.

David

Isn't using good validation better than this?

Yes!! I forgot!

You can use the form validation http://www.codeigniter.com/user_guide/libraries/form_validation.html


RE: I want to know best practice about CI3 security. - mwhitney - 05-06-2015

From http://www.codeigniter.com/user_guide/general/security.html#xss-filtering
Quote: XSS filtering should only be performed on output. Filtering input data may modify the data in undesirable ways, including stripping special characters from passwords, which reduces security instead of improving it.

Passing TRUE to the second parameter of $this->input->post() passes your input through the XSS filter, which should not be done.

On output, you can pass your data (or individual values from your data) through $this->security->xss_clean() as needed.
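The following is an added example, not code posted in this thread or shipped with CodeIgniter, that puts davidgv88's form-validation suggestion and mwhitney's "filter on output, not input" correction together in one CI 3.0 controller and view. The controller name, table name, field names and file paths are assumptions for illustration; the CodeIgniter calls used ($this->input->post(), $this->form_validation->set_rules()/run(), $this->db->insert(), html_escape()) are the framework's own.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

/*
 * File 1 (assumed path): application/controllers/Account.php
 *
 * Registration handler that follows the advice in this thread:
 *  - input is read WITHOUT the second TRUE parameter, so the XSS filter never
 *    rewrites what the user typed (a password must reach password_hash() intact)
 *  - acceptable input is decided by Form Validation whitelist rules
 *  - escaping happens on output, in the view, with html_escape()
 */
class Account extends CI_Controller
{
    public function register()
    {
        $this->load->library('form_validation');
        $this->load->helper('form');
        $this->load->database();

        // Whitelist rules decide what is accepted; the XSS filter is not a validator.
        $this->form_validation->set_rules('username', 'Username',
            'required|trim|alpha_dash|min_length[3]|max_length[32]');
        $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
        // No trim and no filtering on the password: whatever was typed is what gets hashed.
        $this->form_validation->set_rules('password', 'Password', 'required|min_length[12]');
        $this->form_validation->set_rules('bio', 'Bio', 'trim|max_length[500]');

        if ($this->form_validation->run() === FALSE) {
            // The form view prints validation_errors() and re-renders the form
            // (assumed view file; form_open() there also emits the CSRF token
            // when $config['csrf_protection'] is TRUE).
            $this->load->view('account/register_form');
            return;
        }

        // Deliberately NOT $this->input->post('password', TRUE): with TRUE the value
        // would pass through xss_clean() and characters the user chose could be
        // stripped or rewritten before hashing.
        $username = $this->input->post('username');
        $email    = $this->input->post('email');
        $password = $this->input->post('password');
        $bio      = $this->input->post('bio');

        $hash = password_hash($password, PASSWORD_DEFAULT);

        // Query Builder binds the values, so no user input is concatenated into SQL.
        $this->db->insert('users', array(   // 'users' is an assumed table
            'username'      => $username,
            'email'         => $email,
            'password_hash' => $hash,
            'bio'           => $bio,
        ));

        // Hand the raw values to the view; the view is where escaping belongs.
        $this->load->view('account/welcome', array(
            'username' => $username,
            'bio'      => $bio,
        ));
    }
}

/* File 2 (assumed path): application/views/account/welcome.php */
?>
<h1>Welcome, <?php echo html_escape($username); ?></h1>
<!-- html_escape() is CI's htmlspecialchars() wrapper: correct for text inside an HTML element.
     Use $this->security->xss_clean($bio) instead only if you must render user-supplied markup. -->
<p><?php echo html_escape($bio); ?></p>
```

The split matters for the reason mwhitney quotes from the user guide: the same stored value may later be emitted into HTML, JSON, a mail header or a log, and each of those needs its own encoding at the point of output. Filtering once on input cannot know which context is coming, while html_escape() in the view (or xss_clean() where some HTML is intentionally allowed) is applied exactly where the context is known.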