GoIgniter, Extending CodeIgniter 3.
#2

I always have an interest in looking at other people's solutions in their core folder. So I took a look at your MY_Config.php file and noticed you are setting the base_url dynamically with values from $_SERVER['SERVER_NAME'] or $_SERVER['SERVER_ADDR']. I understand why this is handy (I used it myself in the past), but it makes you vulnerable to 'host header injection' attacks.

Nowadays I use an installer which sets the base_url config value to the live domain name and dynamically overrule this if $_SERVER['SERVER_NAME'] is on my development TLD (I use http://customerX.dev etc).
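A sketch of the configuration approach described in the post above, as an added example that is not code from either poster or from GoIgniter. The hostnames are placeholders, and the exact-match allowlist for development hosts (rather than a test on the `.dev` suffix) is an assumption of this example, chosen because `SERVER_NAME` can reflect the client's Host header under some web server configurations.

```php
<?php
// application/config/config.php (CodeIgniter 3). Added example; hostnames are placeholders.

// Risky pattern discussed in the post (illustrative only, not GoIgniter's code):
//   $config['base_url'] = 'http://' . $_SERVER['SERVER_NAME'] . '/';
// Every link, redirect and e-mailed URL built from base_url then follows
// whatever host name the request carried.

// Canonical production URL, written once by the installer and never
// derived from the request.
$live_base_url = 'https://www.example.com/';

// Development hosts allowed to override it, mapped to their own base URL.
$dev_hosts = array(
    'customerx.dev' => 'http://customerx.dev/',
);

if (!function_exists('resolve_base_url')) {
    /**
     * Return the dev base URL when $server_name is an allowlisted development
     * host; otherwise return the fixed live URL.
     */
    function resolve_base_url($server_name, $live_base_url, array $dev_hosts)
    {
        // Normalise: lower-case, drop an optional port and a trailing dot.
        $host = strtolower(trim((string) $server_name));
        $host = rtrim(preg_replace('/:\d+$/', '', $host), '.');

        // Exact lookup only: unknown or attacker-supplied names fall through
        // to the live URL, so the request value is never echoed into base_url.
        return isset($dev_hosts[$host]) ? $dev_hosts[$host] : $live_base_url;
    }
}

$config['base_url'] = resolve_base_url(
    isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '',
    $live_base_url,
    $dev_hosts
);
```

With this in place a request carrying an unexpected host name still yields `https://www.example.com/` as the base URL, because the value placed in `base_url` always comes from the configuration and never from the request.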


Messages In This Thread
GoIgniter, Extending CodeIgniter 3. - by gofrendi - 01-04-2017, 07:32 AM
RE: GoIgniter, Extending CodeIgniter 3. - by Diederik - 01-04-2017, 08:04 AM


