Looking for security / performance experts
(This post was last modified: 11-28-2016, 09:52 AM by nemeris.)

Hello,

I'm writing an application with CodeIgniter, and I have read many security & performance articles.

But I still find myself in situations where I'm not sure what to do, or how to do something with the best approach (in terms of security and performance).

I'd like to have the advice of security and performance experts (not free of course) to answer my questions and help me reach a solution when I'm stuck (I won't bother you much, just some questions for which I can't find a trusted answer online).

I was thinking of a (small) thank-you gift of $50 per question and assistance (that might take up to 1 hour) or a $20 gift if it's 1-3 simple questions that can be answered in some minutes. If it takes more, then I would of course pay more (and yes, I know it's not enough for "real" experts, but that's what I can afford at the moment).

So please if you are an expert in security / performance and have some spare time let me know so we can discuss this and payment methods and then start.

---------------------------------

Some examples of what kind of questions I mean exactly:

1. Hard question:
  • How to surely prevent double form submissions or racing attacks (and not affect performance when the website is under pressure) if we can't trust CSRF in CodeIgniter: Example Situation
    What I have tried is inserting a unique value into a database table (with a unique key), and the form is valid if: $this->db->affected_rows() > 1

2. Simple question:

If we have a lot of visitors (but also a dedicated server with SSD and 32 GB RAM), how should the following CodeIgniter configs be set to have the best security/performance? (I don't have enough experience to be sure; a little explanation would be appreciated as well.)

PHP Code:
$config['encryption_key'] = hex2bin('2737hdba7b7146bhh4b22af11ak5it33'); // generated with bin2hex($this->encryption->create_key(16))

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'u2irkyu66gj3n';
$config['sess_expiration'] = 1800;
$config['sess_save_path'] = 'r74ge_sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 120;
$config['sess_regenerate_destroy'] = FALSE;

$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'ghi5j3h7lh7';
$config['csrf_cookie_name'] = 'bnj4flg4hjd';
$config['csrf_expire'] = 1200;
$config['csrf_regenerate'] = TRUE;


Of course these are examples.
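
The unique-key idea from question 1, as an added example that is not part of nemeris's post and not CodeIgniter's own code: a signed single-use form token whose first insert wins, so a duplicate or concurrent submission is the one where no row was inserted. It assumes plain PDO with in-memory SQLite so it runs stand-alone; the table name, function names and secret are hypothetical, and on MySQL the statement would be INSERT IGNORE.

```php
<?php
// Added example: single-use form token, claimed atomically through a unique key.
// Assumptions: PDO + in-memory SQLite; table, function names and secret are hypothetical.

const TOKEN_SECRET = 'constructed-demo-secret'; // constructed sample value

function issue_token(): string
{
    // Random nonce plus an HMAC tag, so rendering a form costs no database write.
    $nonce = bin2hex(random_bytes(16));
    return $nonce . '.' . hash_hmac('sha256', $nonce, TOKEN_SECRET);
}

function claim_token(PDO $db, string $token): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return false;
    }
    list($nonce, $tag) = $parts;
    // Reject tokens this server did not issue before touching the database.
    if (!hash_equals(hash_hmac('sha256', $nonce, TOKEN_SECRET), $tag)) {
        return false;
    }
    // The PRIMARY KEY makes the insert the atomic "first one wins" step:
    // of N concurrent submissions, exactly one inserts a row.
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO used_form_tokens (nonce, used_at) VALUES (?, ?)'
    );
    $stmt->execute([$nonce, time()]);
    return $stmt->rowCount() === 1; // one row inserted = first submission
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE used_form_tokens (
    nonce   TEXT PRIMARY KEY,
    used_at INTEGER NOT NULL
)');

$token = issue_token();
var_dump(claim_token($db, $token));           // first submit of this form
var_dump(claim_token($db, $token));           // same token submitted again
var_dump(claim_token($db, 'abc.forged-tag')); // token not issued by this server
```

The `used_at` column is there so old rows can be purged on a schedule; the form handler should run its real work only when `claim_token()` returns true.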


Messages In This Thread
Looking for security / performance experts - by nemeris - 11-28-2016, 09:51 AM


