Let's make auto routes disable |
Auto routes are really dangerous. It could make vulnerabilities in your app very easily.
I strongly recommend you disable auto routes. For example, see this tutorial: https://www.binaryboxtuts.com/php-tutori...ntication/ If you build the tutorial app, an attacker could get list of users without token. How to disable auto routes: app/Config/Routes.php PHP Code: $routes->setAutoRoute(false);
Maybe disable auto routes by default?
protected $autoRoute = true; And this can also be removed from the default config. PHP Code: $routes->setDefaultController('Home');
I agree remove it in version 5.0. I always run with it false.
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
If we talk about version 5, then it seems to me that it is better to move auto routes out of the framework into a separate package.
(02-21-2022, 07:45 PM)kenjis Wrote: Auto routes are really dangerous. It could make vulnerabilities in your app very easily. I thought was my self been asking this issue oooh we are many???? C_i needs to sort this by alternating this autoroute Codeigniter First, Codeigniter Then You!!
yekrinaDigitals
I think having them disabled by default is a good setting for the next release.
@kilishan Do you mean in v4.2.0?
|
Welcome Guest, Not a member yet? Register Sign In |