02-21-2012, 10:27 AM
[eluser]ColonelChlorine[/eluser]
Hi Amc,
I think you're doing a good job there. I did some reading on StackOverflow that CI's xss filtering is a little bogus. I don't have the URL on hand, but if you search SO for "codeigniter" and "xss" or "cross site scripting" you should find more details.
As a final step, I like to move the "index.php" into another directory in the root. I call it something like "webroot". Then I change references to the "application" and "system" folders inside index.php to "../application/" and "../system". Then set your web server to only serve "webroot". This way no internet user can access your app or system folder by URL. It does away with the need to have that annoying "no direct script access" line at the top of all of your CI scripts.
Best of luck
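The "webroot" layout described above, as an added example (not part of ColonelChlorine's post or of CodeIgniter itself). It assumes a CodeIgniter 2.x `index.php`, which sets `$system_path` and `$application_folder` as plain string assignments; the sample project tree is constructed inline so the script runs offline. The move function relocates `index.php` and repoints both folders one level up, and the check function confirms that nothing under `webroot/` resolves into `application/` or `system/`, which is the property that lets the web server's document root be restricted to `webroot/` alone.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes CI 2.x index.php, which
# contains the lines:
#   $system_path = 'system';
#   $application_folder = 'application';
set -eu

# Build a minimal constructed CodeIgniter-like tree for demonstration.
make_sample_project() {
  project="$1"
  mkdir -p "$project/application/controllers" "$project/system/core"
  printf '%s\n' '<?php' \
    "\$system_path = 'system';" \
    "\$application_folder = 'application';" \
    "require_once BASEPATH.'core/CodeIgniter.php';" > "$project/index.php"
  printf '%s\n' '<?php' \
    "defined('BASEPATH') OR exit('No direct script access allowed');" \
    > "$project/application/controllers/welcome.php"
}

# Move index.php into webroot/ and repoint both folder variables to ../ .
ci_move_to_webroot() {
  project="$1"
  mkdir -p "$project/webroot"
  mv "$project/index.php" "$project/webroot/index.php"
  # [$] keeps the dollar sign literal for sed; single quotes stay inside
  # the double-quoted expression so the PHP string literals match exactly.
  sed -i.bak \
    -e "s#^[\$]system_path = 'system';#\$system_path = '../system';#" \
    -e "s#^[\$]application_folder = 'application';#\$application_folder = '../application';#" \
    "$project/webroot/index.php"
  rm -f "$project/webroot/index.php.bak"
}

# Return 0 only if webroot/ is free of application/ and system/ and
# index.php points one level up for both.
ci_check_layout() {
  project="$1"
  [ ! -e "$project/webroot/application" ] || return 1
  [ ! -e "$project/webroot/system" ] || return 1
  grep -q "^[\$]system_path = '../system';" "$project/webroot/index.php" || return 1
  grep -q "^[\$]application_folder = '../application';" "$project/webroot/index.php" || return 1
  return 0
}

# Demonstration on a throwaway directory.
demo_dir=$(mktemp -d)
make_sample_project "$demo_dir"
ci_move_to_webroot "$demo_dir"
if ci_check_layout "$demo_dir"; then
  echo "layout ok: serve only $demo_dir/webroot"
else
  echo "layout check failed" >&2
fi
rm -rf "$demo_dir"
```

After the move, point the server's document root at `webroot/` only (Apache `DocumentRoot`, nginx `root`); `application/` and `system/` then sit outside anything the server will map a URL to, so the `BASEPATH` guard line becomes a second layer rather than the only one.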