CodeIgniter Forums
Why does CI only allow certain values in the URL? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Why does CI only allow certain values in the URL? (/thread-6508.html)



Why does CI only allow certain values in the URL? - El Forum - 03-01-2008

[eluser]jonnyjon[/eluser]
Is there a reason why CI only allows certain characters in the URL?


Why does CI only allow certain values in the URL? - El Forum - 03-01-2008

[eluser]Clooner[/eluser]
Security maybe. You can change this in the config if you want more characters


Why does CI only allow certain values in the URL? - El Forum - 03-01-2008

[eluser]jonnyjon[/eluser]
Yes, I found it in the config. It says if you allow all characters ... you are "insane".


Why does CI only allow certain values in the URL? - El Forum - 03-01-2008

[eluser]Clooner[/eluser]
The question now is...

Are you insane %-P

I am just curious... Why would you need more characters?


Why does CI only allow certain values in the URL? - El Forum - 03-01-2008

[eluser]jonnyjon[/eluser]
Well, why restrict things at all?


Why does CI only allow certain values in the URL? - El Forum - 03-01-2008

[eluser]Clooner[/eluser]
[quote author="jonnyjon" date="1204451438"]Well, why restrict things at all?[/quote]

Maybe it is because of query injections


Why does CI only allow certain values in the URL? - El Forum - 03-02-2008

[eluser]Derek Allard[/eluser]
The answer is immediately above the "you are insane" part.
Quote:| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
In general, the more paranoid you can be, the better. If you're just getting started with PHP/web application security, I'd encourage you to start reading around a bit more. 2 good topics to start on are XSS injection and SQL injection.

There are many more, but those are the "gateway" topics in my opinion. Good luck!