Good Validation Practice and Security
#1

porangi
Hi,

Still loving CodeIgniter and almost about to release my first fully fledged application (multi-lingual member-only streaming media service) written in it. The trouble with all learning is that at the end of one journey you suffer from hindsight and the what-ifs of "if I could do it all over again", but I guess that's life.

Anyway, I'm paranoid about it being secure; nothing is more embarrassing than unhappy clients asking why their site now says 'Turkish Hacker' (or similar, I'm not picking on people from Turkey, just that was the source of my last unfortunate Joomla experience - a disabled 3rd party plugin left installed with a big fat security hole).

So I have two questions:

1) Do other people bother to validate hidden id fields when updating records? I am using a validation config array but then if validation fails I could be returning to an update form with an invalid id that I can't use - arghhhh, confusion!

2) What security scanners do people try on their sites? I've used Websecurify, which seems to work OK, and I've also tried skipfish but get more errors than I can handle.

Anyway, if anyone has experience in this area or even opinions they would like to share I'd be grateful.

Happy Days

Chris

