CodeIgniter and Security
#2

I guess this question, for me, needs more input: are you talking about the security of your files or the security of your data? File security is controlled mostly by your Web Server. CodeIgniter can be set up so that only the index.php file is "available" in the publicly accessible "root" folder. In addition, if you still set up your CodeIgniter Application where you have everything in your public "root" folder (which I don't recommend), CI still includes

PHP Code:
defined('BASEPATH') OR exit('No direct script access allowed'); 

at the top of every CodeIgniter File, and you should do the same. Again, I recommend just putting everything below the public root and exposing just index.php. Then make sure your Web Server is set up correctly.

When it comes to your data, you need to clear your form input and make sure your database is secure. Make sure the web site database user has the minimum needed permissions to do its job. Don't use the DB root login!

You can easily clean your form input using the form validation library https://www.codeigniter.com/user_guide/l...ation.html as well as the Security Class https://www.codeigniter.com/user_guide/l...urity.html.

Even after validating the input, make sure you escape your output https://www.codeigniter.com/user_guide/h...ght=escape

Following that should get you headed in the right direction.

DMyers
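
The points in the post above (the BASEPATH guard, validating form input, escaping on output) combined in one controller. This is an added example, not part of the original post and not CodeIgniter's own code. It assumes CodeIgniter 3; the controller name, the `comments` table, the field names and the view paths are hypothetical.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical file: application/controllers/Comments.php (CodeIgniter 3 assumed).
class Comments extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        // Uses the credentials in application/config/database.php, which
        // should belong to a limited-permission account, never the DB root login.
        $this->load->database();
        $this->load->library('form_validation');
        $this->load->helper(array('form', 'url'));
    }

    public function add()
    {
        // 1. Validate: accept only input that matches the expected shape.
        $this->form_validation->set_rules('author', 'Author', 'trim|required|alpha_numeric_spaces|max_length[40]');
        $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|max_length[254]');
        $this->form_validation->set_rules('body', 'Comment', 'trim|required|max_length[2000]');

        if ($this->form_validation->run() === FALSE) {
            // Hypothetical view that redisplays the form with validation_errors().
            $this->load->view('comments/form');
            return;
        }

        // 2. Store: Query Builder escapes the values, so no SQL is built by hand.
        $this->db->insert('comments', array(
            'author' => $this->input->post('author'),
            'email'  => $this->input->post('email'),
            'body'   => $this->input->post('body'),
        ));
        redirect('comments');
    }

    public function index()
    {
        $rows = $this->db->order_by('id', 'DESC')->limit(50)->get('comments')->result_array();

        // 3. Escape on output: validated data is still untrusted when rendered.
        // html_escape() accepts arrays and escapes every string value in them.
        $this->load->view('comments/list', array('comments' => html_escape($rows)));
    }
}
```

Validation passes a comment body containing markup, so the `html_escape()` call in `index()` is what keeps that markup from being rendered as HTML in the view.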


Messages In This Thread
CodeIgniter and Security - by dennisphartz - 04-05-2018, 02:01 AM
RE: CodeIgniter and Security - by dmyers - 04-05-2018, 05:15 AM


