CodeIgniter and XSS protection
#14

[eluser]boltsabre[/eluser]
Interesting discussion... I've recently completed a 1.5yr Diploma IT (Website Development) course (note: not a full Bachelor Degree of Computer Science, where I imagine things would have been taught more in depth. And to further compact the problems I'm about to mention, my course was initially a 2 year course, but my institution condensed it into 1.5 yrs...hmmphfff).

1.5 years is not much when you consider you have to cover topics such as HTML, JavaScript, PHP, a FrameWork, Relational Databasing, (My)SQL, UML, Project Management (and an array of other 'interpersonal, business, costing, budgets, Service Level Agreements, etc' kind of subjects), Online Privacy, Risk Analysis, Reporting/Analysis tools (i.e. Google Analytics), logs, Testing and so on. And that's not even to mention that stuff like a JavaScript Framework/Library, SEO/SEM, .htaccess, JSON (etc etc) was not even touched upon. As such, unfortunately, Security (like the rest of the subjects we studied) was skimmed across in a very quick fashion.

As such, I'm going to say that both 'opinions/contributions' made by Toopay and Padraic Brady are of utmost importance and interest to me. Trying to figure out 'what constitutes good security' in today's day and age is almost impossible; there are ranging conflicts of opinions and methods on every blog you read.

Having a good solid "data integrity policy" is imperative, but at the same time I fully agree that the documentation on CI is rather lacking, especially for someone, like myself, who is relatively new to the game... For example, I had to ask on the forums here about CSRF - the documentation is only 3 lines long.

A good tutorial on how to safely and accurately implement the myriad of security goodies CI has given us, combined with an overview of 'why' it is important to implement them in the first place (and perhaps even covering how (and WHY) to write your own custom form filters and extend the base validation class, thus tackling the filtering issue at its base), I believe, would be of great benefit to this community. I know I would definitely be watching/reading it!

I shudder to think what kind of applications some 'novices/hacks' are making using CI (or any framework or just a plain old text editor for that matter) considering how hard I'm finding the whole 'security, filtering, cleansing, input, output' minefield. Whilst I understand it IS NOT CI'S RESPONSIBILITY OR PROBLEM, as mentioned, a good tutorial and improved documentation would be invaluable... then when 'novice' questions arise in the forums we could just point them in the right direction so that they can build better and safer applications, and thus leave the forum for the more important and technical aspects of this complex and daunting issue.

Just my 2 cents worth from the perspective of someone struggling, but trying hard, to build safe applications for my beloved users.




