The weakest points of CI in terms of security?
#1

term25
OK, I have moved the application and system folders out of the root, one level up, so they are not publicly accessible. The assets stay in root, because that is not a problem in my case, just a bunch of CSS and images, nothing important.

Then I have used trim and xss_clean on all form validation elements (inputs, selects, textareas...).

My only worry (that I am aware of) is the controller part.

How can I be sure? E.g. if I have a controller called users and there are methods to add, delete, edit etc., is the check that the user is logged in and has a certain permission as an admin role to do such a thing enough, or is it possible to do it no matter if there is a check at the top of the controller for access only via admin?

What is your opinion? Is the parent check in the controller that the user is an admin enough?

Can you recommend some good reading about CI security or a book specific to CI security?


