user session data passed to view

#1
[eluser]mike34666[/eluser]
hello, i want to pass userdata to the view. is there anything inherently insecure or unsafe about this?


Code:
$params['userdata'] = $this->session->userdata;

$this->load->view('foo',  $params);

#2
[eluser]vitoco[/eluser]
i think not , if you doesn't do echo on sensible data. Remember that all the process, e.g. the session data in the view is processed in the server, not in the client, so you can pass all data needed to the view, sensible or not, but it's only a security flaw if you show it( send it to the client in the rendered html ).

if i'm wrong, please correct me.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.