Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Feature Requests New more Secure Auto Routing
New more Secure Auto Routing
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,671
    Threads: 96
    Joined: Oct 2014
    Reputation: 231
#8
02-08-2023, 08:57 PM

Supplementary information on the risk here.
The controller filters being bypassed is the most obvious risk and the most significant.

The problem is that developers are not strictly aware of HTTP methods of a request, which can lead to defects if an attacker accesses the site with an HTTP method that the developer does not anticipate.

If the HTTP method does not change the processing, it does not seem to cause any particular problem, so I do not consider this to be a big risk. However, this is not to say that there is not a major risk of which I am unaware.
At the very least, the auto routing legacy will accept requests that do not need to be accepted.
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply


Messages In This Thread
New more Secure Auto Routing - by kenjis - 04-11-2022, 10:24 PM
RE: New more Secure Auto Routing - by InsiteFX - 04-12-2022, 12:14 AM
RE: New more Secure Auto Routing - by ignitedcms - 04-12-2022, 01:38 AM
RE: New more Secure Auto Routing - by kenjis - 05-07-2022, 05:58 AM
RE: New more Secure Auto Routing - by InsiteFX - 05-08-2022, 01:27 AM
RE: New more Secure Auto Routing - by sneakyimp - 02-08-2023, 06:32 PM
RE: New more Secure Auto Routing - by kenjis - 02-08-2023, 06:50 PM
RE: New more Secure Auto Routing - by kenjis - 02-08-2023, 08:57 PM
RE: New more Secure Auto Routing - by sneakyimp - 02-20-2023, 04:49 PM
RE: New more Secure Auto Routing - by kenjis - 02-20-2023, 05:24 PM
RE: New more Secure Auto Routing - by kenjis - 02-20-2023, 05:43 PM



Theme © iAndrew 2016 - Forum software by © MyBB