Welcome Guest, Not a member yet? Register   Sign In
Simple subdomains handler for CI3
#4

(04-04-2016, 08:26 AM)josepostiga Wrote:
(04-04-2016, 08:14 AM)albertleao Wrote: This is very insecure as I can easily spoof my subdomain to an address.

This should be handled by having different environments

Can you elaborate on that?

Sure.

The subdomain is another form of user input. It can be modified by changing hosts files on unix based systems, not sure how to on windows. 

But for example, a user can change their settings so that admin.website.com is actually coming from somewhere else. This can leave room for vulnerabilities.

The safest and most secure way would be to setup the environment on your server rather than have your app choose. Having a .ENV file or an global environment setup through apache or something is the way to go. Some web hosting companies, like AWS, allow you to set environments on boot up of instances.
Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!
Reply


Messages In This Thread
RE: Simple subdomains handler for CI3 - by albertleao - 04-04-2016, 08:48 AM



Theme © iAndrew 2016 - Forum software by © MyBB