Is CodeIgniter secure
[eluser]JamesBarnsley[/eluser]
How many large-scale applications have been built with CodeIgniter? Is it secure enough to handle things like credit card details etc.? Is there any special work that needs to be done to make it secure? I am talking about an application with thousands / millions of users, all of which need credit card details and other financial information stored.
[eluser]Jelmer[/eluser]
Those are 2 different problems.
[quote]I am talking about an application with thousands / millions of users.[/quote]
To handle such a huge amount PHP itself is the bottleneck. Facebook is written in PHP and their developers have written a couple of blogs about solving those problems. I didn't save the URLs so you'll have to Google those yourself. CI has a very tiny footprint, so CI won't be your bottleneck. Though when handling such amounts of visitors you'd probably optimize and grow out of using any framework. But when using a framework CI is probably your best option.
[quote]is it secure enough to handle things like credit card details etc?[/quote]
That's more up to you than up to CI. CI offers protection against SQL injections (through Active Record), against XSS (either globally or by setting the second parameter of $this->input->post() and $this->input->cookie() to TRUE), and as of CI2 against CSRF. But if you don't know how to use them there will be security holes; no framework can do all the work for you. But aside from that point: if you're planning an application handling such sensitive data you should be VERY aware of all of those yourself. And you REALLY MUST be capable of deciding for yourself if the security of any 3rd party library/framework you're using is good enough. To write something like this and not have as complete knowledge as possible about security concerns is incredibly irresponsible.
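As an added illustration (not code from this thread or from the CodeIgniter project itself), here are the three CI 2.x mechanisms Jelmer names, each placed next to the unsafe habit it replaces; the controller name, the `users` table and its fields are assumed for the example.

```php
<?php
// Added example: CI 2.x protections next to the habits they replace.
// The Account controller, the users table and its columns are assumed.
//
// application/config/config.php (real CI 2.x settings, shown for reference):
//   $config['csrf_protection']      = TRUE;   // CI2 CSRF: form_open() emits the token,
//                                             // POSTs without a valid token are rejected
//   $config['global_xss_filtering'] = FALSE;  // TRUE filters every GET/POST/COOKIE globally

class Account extends CI_Controller {

    // UNSAFE: user input is concatenated straight into SQL, so a quote
    // character in the submitted value changes the meaning of the query.
    public function find_unsafe()
    {
        $email = $this->input->post('email');
        $sql   = "SELECT id, email FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row();
    }

    // SAFE (Active Record): the value is escaped by the driver and can
    // only ever be data. Second argument TRUE runs CI's XSS filter on it.
    public function find_safe()
    {
        $email = $this->input->post('email', TRUE);
        return $this->db->where('email', $email)->get('users')->row();
    }

    // SAFE (query bindings): same guarantee for hand-written SQL; CI
    // escapes each bound value before substituting it for a "?".
    public function find_bound()
    {
        $email = $this->input->post('email', TRUE);
        $sql   = "SELECT id, email FROM users WHERE email = ?";
        return $this->db->query($sql, array($email))->row();
    }

    // Input filtering is not output escaping: anything echoed into HTML
    // still gets htmlspecialchars() (plain PHP) in the view.
    public function show()
    {
        $name = $this->input->post('name', TRUE);
        $data['name'] = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $this->load->view('account/show', $data);
    }
}
```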
[eluser]theprodigy[/eluser]
For applications using CodeIgniter, take a look at the CodeIgniter Projects Page. Another one of note would be Retweet. Last I heard, it was built on CodeIgniter. With the links above, you can make your determination as to whether or not it's scalable enough for you. Just remember that not all sites built on CodeIgniter will be listed. Those are user-submitted links. As for whether it is secure or not, the basic answer is: it's as secure as any basic PHP app you write. CodeIgniter is a framework, not a CMS. It's not like WordPress, where you install it and BAM, you have a site. You still have to code everything yourself. CodeIgniter just makes it easier and quicker. If you don't like the way CodeIgniter handles something, then you can code that part in basic PHP, while still continuing to enjoy the other aspects of Codeigniter. It's flexible like that ;-)
[eluser]JamesBarnsley[/eluser]
[quote author="Jelmer" date="1286341517"]Those are 2 different problems.
[quote]I am talking about an application with thousands / millions of users.[/quote]
To handle such a huge amount PHP itself is the bottleneck. Facebook is written in PHP and their developers have written a couple of blogs about solving those problems. I didn't save the URLs so you'll have to Google those yourself. CI has a very tiny footprint, so CI won't be your bottleneck. Though when handling such amounts of visitors you'd probably optimize and grow out of using any framework. But when using a framework CI is probably your best option.
[quote]is it secure enough to handle things like credit card details etc?[/quote]
That's more up to you than up to CI. CI offers protection against SQL injections (through Active Record), against XSS (either globally or by setting the second parameter of $this->input->post() and $this->input->cookie() to TRUE), and as of CI2 against CSRF. But if you don't know how to use them there will be security holes; no framework can do all the work for you. But aside from that point: if you're planning an application handling such sensitive data you should be VERY aware of all of those yourself. And you REALLY MUST be capable of deciding for yourself if the security of any 3rd party library/framework you're using is good enough. To write something like this and not have as complete knowledge as possible about security concerns is incredibly irresponsible.[/quote]
Ok, thanks for the advice.
[eluser]JamesBarnsley[/eluser]
I was also just wondering ... Do you think Codeigniter is more secure than Rails?
[eluser]Jelmer[/eluser]
I think you kinda missed my point: a framework offers tools for security. The actual security is up to you. And to make a previous point more explicit: even if a lot of security is automated, if you don't know what you're doing there are going to be holes created by you. A framework helps you; it can't prevent mistakes, especially if you don't know what you're doing. CI's security measures are good. I'd prefer a bit stricter implementation on the CSRF front, but CI's is more than adequate. I don't have any experience with Rails so I can't comment on that specifically. But as long as the tools are good (which they are in CI and probably are in Rails as well), the rest is up to you and the question is pretty much moot.