+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Prohibit access to get_instance() from a view (/showthread.php?tid=69425)
Pages:
1
2
Prohibit access to get_instance() from a view - rolf - 11-20-2017
Hi there,
I’m having a small issue with Codeigniter.
I would like to prohibit access to CI and the get_instance() from a view.
In other words, it should not be possible to access get_instance from a view.
Can anyone help me out here?
Thanks, best regards,
Rolf
RE: Prohibit access to get_instance() from a view - dave friend - 11-20-2017
Why? Are you afraid a developer is going to use it in a view?
RE: Prohibit access to get_instance() from a view - ciadmin - 11-20-2017
https://www.codeigniter.com/user_guide/general/managing_apps.html
RE: Prohibit access to get_instance() from a view - dave friend - 11-20-2017
(11-20-2017, 06:07 PM)ciadmin Wrote: https://www.codeigniter.com/user_guide/general/managing_apps.html
I'm feeling really dumb because I don't understand how that relates to the OP's question.
RE: Prohibit access to get_instance() from a view - Narf - 11-21-2017
Not possible.
RE: Prohibit access to get_instance() from a view - ivantcholakov - 11-21-2017
@rolf
If you find a way to abandon using/parsing PHP for views, then it would be possible.
RE: Prohibit access to get_instance() from a view - rolf - 11-21-2017
(11-20-2017, 03:26 PM)dave friend Wrote: Why? Are you afraid a developer is going to use it in a view?
That's the main reason for it indeed. We're working with developers we don't personally know and it's just too easy to print the database password right now. I've already solved the issue by implementing a template engine.
However, for security reasons it would be very recommendable if a new version of CI would have the option to prohibit accessing get_instance from views.
RE: Prohibit access to get_instance() from a view - rolf - 11-21-2017
(11-21-2017, 03:00 AM)Narf Wrote: Not possible.
I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.
RE: Prohibit access to get_instance() from a view - rolf - 11-21-2017
(11-21-2017, 05:46 AM)ivantcholakov Wrote: @rolf
If you find a way to abandon using/parsing PHP for views, then it would be possible.
Thanks. Yes, I decided to implement Twig in order to solve this issue. But it would have been much easier if this would be a default setting in a new CI version. It's really unsafe right now and doesn't fit into the MVC logic anyway...
Thanks for all of your replies
RE: Prohibit access to get_instance() from a view - Narf - 11-21-2017
(11-21-2017, 09:36 AM)rolf Wrote:(11-21-2017, 03:00 AM)Narf Wrote: Not possible.
I agree. Even when creating an extension for get_instance(), it's still not possible to determine whether a call was being made from the view or from the controller.
It is possible to detect where the call originated from. You can't make an extension of get_instance().