Security best practices... sanity check

#2 by ColonelChlorine
Hi Amc,
I think you're doing a good job there. I did some reading on StackOverflow indicating that CI's XSS filtering is a little bogus. I don't have the URL on hand, but if you search SO for "codeigniter" and "xss" or "cross site scripting" you should find more details.

As a final step, I like to move the "index.php" into another directory in the root. I call it something like "webroot". Then I change references to the "application" and "system" folders inside index.php to "../application/" and "../system". Then set your web server to only serve "webroot". This way no internet user can access your app or system folder by URL. It does away with the need to have that annoying "no direct script access" line at the top of all of your CI scripts.

Best of luck
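The "webroot" layout described in the post above, written out as an added example (this is not the poster's code and not CodeIgniter's stock index.php). It assumes a CodeIgniter 2.x project at a hypothetical `/var/www/myapp` with `system/` and `application/` at the project root, index.php moved to `/var/www/myapp/webroot/`, and the web server's document root (Apache `DocumentRoot`, nginx `root`) pointed at that `webroot` directory. The `$system_path` and `$application_folder` variables are the real settings from a CI 2.x index.php; the realpath guard below them is an addition, a defence-in-depth check so that a bad deploy that drops the folders back under the served directory fails loudly instead of exposing them by URL.

```php
<?php
// Added example: path settings for a CodeIgniter 2.x index.php after it has
// been moved into a "webroot" directory, plus a sanity check on the layout.
//
// Assumed (hypothetical) layout:
//   /var/www/myapp/                    project root, NOT served
//   /var/www/myapp/system/
//   /var/www/myapp/application/
//   /var/www/myapp/webroot/index.php   web server DocumentRoot

// Relative to this file (webroot/index.php), both folders are one level up.
// These two variable names are the ones stock CI 2.x index.php uses.
$system_path        = '../system';
$application_folder = '../application';

// --- Added check, not part of stock index.php ---------------------------
// Resolve each folder and refuse to boot if it is missing or if it sits
// inside the directory the web server serves. With the folders outside the
// webroot, nothing under application/ or system/ is reachable by URL, which
// is what makes the per-file "No direct script access" guard redundant.
$webroot = realpath(__DIR__);
$folders = array(
    'system'      => $system_path,
    'application' => $application_folder,
);
foreach ($folders as $name => $rel) {
    $abs = realpath(__DIR__ . DIRECTORY_SEPARATOR . $rel);
    if ($abs === false) {
        header('HTTP/1.1 503 Service Unavailable');
        exit("Your {$name} folder path does not appear to be set correctly.");
    }
    // Prefix test on the trailing-slash form so "webroot2" is not mistaken
    // for a child of "webroot".
    if (strpos($abs . DIRECTORY_SEPARATOR, $webroot . DIRECTORY_SEPARATOR) === 0) {
        header('HTTP/1.1 503 Service Unavailable');
        exit("Refusing to run: the {$name} folder is inside the served webroot.");
    }
}
// -------------------------------------------------------------------------

// Stock CI 2.x index.php continues from here: it normalises $system_path and
// $application_folder, defines BASEPATH and APPPATH, and requires
// system/core/CodeIgniter.php.
```

The check runs once per request and only touches two `realpath()` calls, so the cost is negligible; keep it even after the layout is settled, since it is exactly the kind of invariant a later "helpful" rsync or unzip into the document root tends to break silently.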


Messages In This Thread
Security best practices... sanity check - by El Forum - 02-21-2012, 09:27 AM
Security best practices... sanity check - by El Forum - 02-21-2012, 10:27 AM
Security best practices... sanity check - by El Forum - 02-21-2012, 12:05 PM


