CodeIgniter and Security
I guess this question, for me, needs more input: are you talking about the security of your files or the security of your data?

File security is controlled mostly by your Web Server. CodeIgniter can be set up so that only the index.php file is "available" in the publicly accessible "root" folder. In addition, if you still set up your CodeIgniter Application where you have everything in your public "root" folder (which I don't recommend), CI still includes

PHP Code:
defined('BASEPATH') OR exit('No direct script access allowed');

at the top of every CodeIgniter file, and you should do the same. Again, I recommend just putting everything below the public root and exposing just index.php. Then make sure your Web Server is set up correctly.

When it comes to your data, you need to clear your form input and make sure your database is secure. Make sure the web site database user has the minimum needed permissions to do its job. Don't use the DB root login!

You can easily clean your form input using the form validation library https://www.codeigniter.com/user_guide/l...ation.html as well as the Security Class https://www.codeigniter.com/user_guide/l...urity.html.

Even after validating the input, make sure you escape your output https://www.codeigniter.com/user_guide/h...ght=escape

Following that should get you headed in the right direction.

DMyers
Messages In This Thread
CodeIgniter and Security - by dennisphartz - 04-05-2018, 02:01 AM
RE: CodeIgniter and Security - by dmyers - 04-05-2018, 05:15 AM