Search Results
    Thread: Preventing non-persistent XSS attacks
Post: RE: Preventing non-persistent XSS attacks

kenjis Wrote: (09-23-2021, 01:03 AM) -- Use html_escape() when you display variable data in HTML. See https://codeigniter.com/userguide3/helpers/form_helper.html#escaping-field-values -- It's not...
1,853 Views
3 Replies
09-23-2021, 01:24 AM
jhob
    Thread: Preventing non-persistent XSS attacks
Post: Preventing non-persistent XSS attacks

I have a CI3 application that is vulnerable to non-persistent XSS attacks.  I'm struggling to work out how I can prevent these, this sort of thing works on any URL that accepts querystring input: ...
1,853 Views
3 Replies
09-23-2021, 12:41 AM
jhob
    Thread: Page view tracking
Post: RE: Page view tracking

@php_rocs that does look like it has potential. I can see how the Embedded reports feature or the static image graphs could be used for the on-page reporting. Just need to work out if you can get th...
2,923 Views
2 Replies
06-11-2020, 07:30 AM
jhob
    Thread: Page view tracking
Post: Page view tracking

I manage a large CodeIgniter 3 site that keeps track of page views by writing to a database table. This sort of works fine, however we're getting scalability issues as it now has over 3 million...
2,923 Views
2 Replies
06-11-2020, 01:32 AM
jhob
    Thread: Session library not garbage collecting
Post: RE: Session library not garbage collecting

Thanks for that heads up - will look into implementing that.
7,609 Views
6 Replies
01-29-2020, 04:40 AM
jhob
    Thread: Session library not garbage collecting
Post: RE: Session library not garbage collecting

Thanks for that, super-helpful response, and I think we have found the problem! Code: -- session.gc_probability = 0 session.gc_divisor = 0 session.gc_maxlifetime = 1440 -- Although from having...
7,609 Views
6 Replies
01-27-2020, 03:11 AM
jhob
    Thread: Session library not garbage collecting
Post: Session library not garbage collecting

I have a site that is built on CI bonfire, running CI 3.1.6. It's a popular site and uses the filesystem for session management, however it appears that the garbage collection, that should be delet...
7,609 Views
6 Replies
01-26-2020, 04:48 AM
jhob
    Thread: Obfuscating encryption_key
Post: RE: Obfuscating encryption_key

Forgot to turn on notifications and only just spotted these replies! AWS key rotation is something I was considering. I need to put some thought into how I will re-encrypt everything in the databa...
3,835 Views
3 Replies
09-02-2019, 01:39 AM
jhob
    Thread: Obfuscating encryption_key
Post: Obfuscating encryption_key

I am currently writing a web app where much of the data stored in the database will be encrypted using the CI encryption library. The obvious single point of failure here is the encryption key whic...
3,835 Views
3 Replies
07-24-2019, 07:58 AM
jhob
    Thread: Authentication libraries: Two factor auth support
Post: RE: Authentication libraries: Two factor auth supp...

Thanks for the responses. After a bit of hunting around I found a fork of Ion Auth 2 that includes TOTP and have just had a quick play around with it and all appears to work well: https://github.com/...
13,834 Views
5 Replies
07-09-2019, 04:26 AM
jhob
    Thread: Authentication libraries: Two factor auth support
Post: RE: Authentication libraries: Two factor auth supp...

I was coming on here to ask the exact same question. Did you ever find a solution that worked for you?
13,834 Views
5 Replies
07-08-2019, 08:44 AM
jhob
    Thread: Working with an encrypted database
Post: RE: Working with an encrypted database

php_rocs Wrote: (05-17-2019, 05:41 AM) -- @jhob, The other thing that is important is to make sure that you require the site to use an SSL certificate, which will encrypt any content between the u...
7,272 Views
6 Replies
05-17-2019, 09:08 AM
jhob
    Thread: Working with an encrypted database
Post: RE: Working with an encrypted database

dave friend Wrote: (05-17-2019, 04:57 AM) -- Handle searches by encrypting the value of the needle in the haystack being searched. I have not seen many systems where ALL the data was encrypted. It...
7,272 Views
6 Replies
05-17-2019, 09:07 AM
jhob
    Thread: Working with an encrypted database
Post: Working with an encrypted database

I'm soon going to be starting a CI project where there is a requirement for the database to be encrypted as it will store sensitive client data. I've not worked with database encryption before bu...
7,272 Views
6 Replies
05-17-2019, 02:37 AM
jhob
    Thread: A more efficient pagination library?
Post: RE: A more efficient pagination library?

But even with an index pagination with that many records can be painfully slow. The alternative methods I mentioned all used the Id of the first/last items on the current page. Anyway, by sounds o...
5,975 Views
6 Replies
05-29-2018, 04:14 AM
jhob
    Thread: A more efficient pagination library?
Post: A more efficient pagination library?

So the pagination library works great for working with smaller data sets. However I need to paginate a table of 500,000 records and the pagination is dogshit slow with some queries taking upwards of ...
5,975 Views
6 Replies
05-23-2018, 08:41 AM
jhob
    Thread: Allow direct access to a php file
Post: Allow direct access to a php file

I need to place a php script onto the same web space that a codeigniter app runs from. However codeigniter is blocking access to this file and returning a 404. I have tried to place exceptions i...
2,903 Views
1 Replies
05-18-2018, 06:56 AM
jhob
    Thread: Preventing XSS injection in querystring
Post: RE: Preventing XSS injection in querystring

skunkbad Wrote: (12-19-2017, 07:38 AM) -- Show how you are using it. -- When receiving the inputs, loops through each in the querystring: Code: -- if ( ! empty( $_GET[ $field ] ) ) { $query[...
7,824 Views
7 Replies
12-19-2017, 07:51 AM
jhob
    Thread: Preventing XSS injection in querystring
Post: Preventing XSS injection in querystring

I have a CI3 site that is vulnerable to XSS injection via the querystring: https://thesite.com/search?q=x'> I have all inputs going through Code: -- $this->input->get('q', true) -- so it's prot...
7,824 Views
7 Replies
12-19-2017, 06:34 AM
jhob
    Thread: Regex in delete_cache
Post: Regex in delete_cache

Is there any way of including a regex in delete_cache? I'm guessing not because of the way the filenames are hashed but thought I'd ask anyway. So I'd want to do something like: PHP Code: -- $...
1,596 Views
0 Replies
01-25-2017, 03:44 AM
jhob
