Security best practices... sanity check
#3

[eluser]Unknown[/eluser]
Thanks for your quick and helpful reply. Though I didn’t mention it in my original post, I have also performed the steps you laid out.

Since we’re talking security, I guess I should mention my approach to CSRF. I am not using CI’s built-in CSRF protection. Partially because I discovered it after I already implemented my own, and also because it’s my understanding it doesn’t support multi-form pages (which I have). I also found the documentation light in this area. It explains how to turn it on, but it wasn’t so clear to me how to use it effectively (though I’m sure with some digging I’d figure it out). Anyway, I implemented my own by generating a random hash, storing it to both a session variable and a post variable, then comparing the two on the page receiving the submit. I think this is a pretty standard way to do it.

Lastly, I use Tank_Auth for handling authentication.

I think that covers it.
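
Added example, not part of the original post and not CodeIgniter's or Tank_Auth's code: a sketch of the session-plus-hidden-field token check described above, extended to one token per form so multi-form pages work. The function names, field names and form ids are hypothetical; in an application `$session` would be `$_SESSION` and `$post` would be `$_POST`.

```php
<?php
// Hypothetical helpers illustrating a per-form synchronizer token.

// Issue a token for one form and store it in the session under that form's id,
// so several forms on the same page each get an independent token.
function csrf_issue(array &$session, string $formId): string
{
    $token = bin2hex(random_bytes(32));   // CSPRNG output, not rand()/uniqid()/md5(time())
    $session['csrf'][$formId] = $token;
    return $token;
}

// Hidden fields to embed in the form: the form id and its token.
function csrf_field(array &$session, string $formId): string
{
    $token = csrf_issue($session, $formId);
    return '<input type="hidden" name="csrf_form" value="'
         . htmlspecialchars($formId, ENT_QUOTES) . '">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// On the receiving page: compare the posted token with the session copy.
function csrf_check(array &$session, array $post): bool
{
    $formId = $post['csrf_form'] ?? null;
    $sent   = $post['csrf_token'] ?? null;
    if (!is_string($formId) || !is_string($sent)) {
        return false;                     // missing or array-typed fields are rejected
    }
    $expected = $session['csrf'][$formId] ?? null;
    unset($session['csrf'][$formId]);     // single use: a replayed submit fails
    // hash_equals() compares in constant time; == or === can leak timing.
    return is_string($expected) && hash_equals($expected, $sent);
}

// Constructed demo: two forms on one page, using a plain array as the session.
$session = [];
$login   = csrf_issue($session, 'login');
$profile = csrf_issue($session, 'profile');

var_dump(csrf_check($session, ['csrf_form' => 'login',   'csrf_token' => $login]));
var_dump(csrf_check($session, ['csrf_form' => 'login',   'csrf_token' => $login]));   // replay
var_dump(csrf_check($session, ['csrf_form' => 'profile', 'csrf_token' => $login]));   // wrong form
var_dump(csrf_check($session, ['csrf_token' => $profile]));                           // no form id
```

Because each token is consumed on its first check, a resubmitted or back-button form must be re-rendered to get a fresh token.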


Messages In This Thread
Security best practices... sanity check - by El Forum - 02-21-2012, 09:27 AM
Security best practices... sanity check - by El Forum - 02-21-2012, 10:27 AM
Security best practices... sanity check - by El Forum - 02-21-2012, 12:05 PM


