[eluser]echo_boom[/eluser]
Well, after going over the CI User Guide, I just wanted to double-check some things concerning security so that in the future I don't make some terrible error.
-----
1) Cross site scripting (XSS):
In my config.php file:
Code:
$config['global_xss_filtering'] = FALSE;
I plan to INSTEAD use
Code:
$this->form_validation->set_rules('field_name', 'Field Name', 'xss_clean'); // 'field_name' is a placeholder for the actual form field
If I take this approach, can I leave the above configuration setting at FALSE and STILL be protected against XSS attacks?
-----
2) Cross site request forgery (CSRF)
If you use CodeIgniter's native form_open and form_open_multipart, is this enough to protect against CSRF?
In my config.php file:
Code:
$config['csrf_protection'] = FALSE;
Should I set this to TRUE, or is it unneeded since I will be using form_open and form_open_multipart?
-----
3) SQL Injection
If I use CI's native Active Record class, for instance:
Code:
$this->db->select();
$this->db->where();
$this->db->get();
$this->db->set();
$this->db->where();
$this->db->update();
Am I automatically protected against SQL injection?
-----
Thank you in advance.
Slowly trying to crawl out of noob status
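As an added illustration (not echo_boom's code and not taken from the CI User Guide), here is a CodeIgniter 2.x/3.x controller that ties the three controls from the post together: per-field xss_clean rules with global filtering left off, form_open with csrf_protection enabled, and Active Record plus query bindings for the database calls. The `users` table, the `username`/`bio` fields, the `profile/edit` route and the `user_id` session key are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes a hypothetical 'users' table
// with 'username' and 'bio' columns and that the session library is loaded.

// --- application/config/config.php (relevant fragments) ---
// $config['global_xss_filtering'] = FALSE; // filtered per field below instead
// $config['csrf_protection']      = TRUE;  // form_open() then emits the token

class Profile extends CI_Controller {

    public function edit()
    {
        $this->load->helper('form');
        $this->load->library('form_validation');

        // Per-field XSS filtering: xss_clean runs only on fields that carry the
        // rule, so every field that reaches a view or the database needs one.
        $this->form_validation->set_rules('username', 'Username', 'required|xss_clean');
        $this->form_validation->set_rules('bio', 'Bio', 'xss_clean');

        if ($this->form_validation->run() === FALSE)
        {
            // With csrf_protection TRUE, form_open() adds the hidden CSRF field
            // and the Security class rejects POSTs whose token is missing or stale.
            echo form_open('profile/edit');
            echo form_input('username', set_value('username'));
            echo form_textarea('bio', set_value('bio'));
            echo form_submit('save', 'Save');
            echo form_close();
            return;
        }

        $id = (int) $this->session->userdata('user_id'); // hypothetical session key

        // Active Record escapes values passed as the second argument of set()
        // and where(), so this UPDATE is built from escaped values.
        $this->db->set('bio', $this->input->post('bio'));
        $this->db->where('id', $id);
        $this->db->update('users');

        // Caveat: a WHERE clause passed as one custom string is NOT escaped:
        //   $this->db->where("username = '" . $this->input->post('username') . "'");
        // When raw SQL is needed, use query bindings instead.
        $sql = 'SELECT id, username FROM users WHERE username = ?';
        $row = $this->db->query($sql, array($this->input->post('username')))->row();
    }
}
```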