How robust/(un)safe is CI
#1

[eluser]Unknown[/eluser]
I am a new user and I don’t want to flame CI since I really like it a lot. But I personally think safety of any framework should be the prime concern so forgive me if I sound blunt. It’s just because I want to get some clarity about this subject.

So far I am very impressed with how smooth everything goes with CI, but I am very worried about its robustness and safety. In a very recent topic (http://ellislab.com/forums/viewthread/53203/P0/) someone noted CI is NOT always escaping properly which can be a huge security risk (if I am not mistaken). The reason I am worried is because my assumption that CI was making my web-system safer might be incorrect. Now I believe the biggest security risk is actually CI itself. The escaping bug is very easy to see, even if you just briefly glance at the code, very easy to fix, but it is still in the current release. That makes me wonder how good the quality of the rest of the code is. Has it been reviewed by other professional people? How has it been used and tested?

The second question is about the callback validation functions. You can use i.e. callback_username_check as a parameter for the validation class. So you need to make the function username_check for checking which is a PUBLIC function and therefore can be called from the browser. Shouldn’t this function be private? I know you can fix it by using a double underscore, but this should at least be mentioned in the user guide. I’m not a real PHP programmer so I might be wrong but currently I come to the conclusion this is actually a design fault. It would be safer to have all functions private unless you explicitly make them public.

I only used CI intensively for a couple of days but if these 2 problems already arise, I am worried about how many more problems I am unaware of. I hope one of the developers can give some clarity about how much of a priority security is to them.
And please don’t think this is some sort of rant for not supplying the update we all needed yesterday. I just try to give some context on why I am worried and reluctant to use CI as a framework.
#2

[eluser]smilie[/eluser]
Hi,

1. No system is bulletproof - CI is no exception; there will always be some security issues. However I personally do consider CI base code to be well thought through and built. Of course, it is on the programmer himself to double check everything and if possible to ask other people to do checks as well (due to the objectivity).

2. You are correct - simply use double __ for the function name and it becomes private. No problems there, should be common practice of a seasoned programmer.

3. Security is always high prio. But, as in real life, there are times that you must cut corners.

Once again - simply check and double check your code. There is enough info regarding most common flaws in the code, which you can test your application against.

Happy coding!
Smilie
#3

[eluser]WanWizard[/eluser]
Security should be on your mind as a developer, 24-7. It is your responsibility, not that of the framework.

The post in question was discussing escaping user input, and total rubbish as I already wrote in that thread (if it's what I think it is, your link is invalid).
You don't want the framework to do that automatically, you should take care of it when needed, the framework should provide you with the toolset to make it simple.

The fact that you have to prefix your methods with an underscore to make them not accessible from the URI is very well documented in the user guide. Same for the fact that you have to prefix callbacks in the controller by 'callback_'. You, as developer, should deduce from these two statements, that to make a method _private() a callback, you should prefix it with 'callback_', the result being 'callback__private', with two underscores.

I'm afraid that the statement 'I'm not a real PHP programmer' gives part of the problem away here. The biggest security risk is not the framework, the biggest risk is the developer.
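
Added example, not part of any post in this thread and not CodeIgniter's own code: a simplified standalone PHP model of the two rules discussed above (URI dispatch refuses method names that start with an underscore; the 'callback_' prefix of a validation rule is stripped to find the method to call). The `Signup` class and the `is_routable` and `run_callback` helpers are hypothetical names chosen for illustration.

```php
<?php
// Simplified model of the two rules described in the thread.
// Hypothetical names throughout; this is not the framework's source.

class Signup
{
    // No leading underscore: a browser can reach this as a URL segment.
    public function username_check($str)
    {
        return $str !== 'admin';
    }

    // Leading underscore: hidden from the URI, still callable as a callback.
    public function _username_check($str)
    {
        return $str !== 'admin';
    }
}

// Rule 1 (URI dispatch): refuse any method whose name starts with '_'.
function is_routable($controller, $method)
{
    return strncmp($method, '_', 1) !== 0
        && is_callable(array($controller, $method));
}

// Rule 2 (validation): strip the 'callback_' prefix and call what is left.
function run_callback($controller, $rule, $value)
{
    if (strncmp($rule, 'callback_', 9) !== 0) {
        throw new InvalidArgumentException("not a callback rule: $rule");
    }
    $method = substr($rule, 9);
    if (!is_callable(array($controller, $method))) {
        throw new BadMethodCallException("no such callback: $method");
    }
    return (bool) $controller->$method($value);
}

$c = new Signup();

// Constructed sample input: both rule strings validate the value the same way,
// but only the method without the leading underscore is exposed to the URI.
foreach (array('callback_username_check', 'callback__username_check') as $rule) {
    $method = substr($rule, 9);
    printf("%-26s valid('alice')=%s  routable=%s\n", $rule,
        var_export(run_callback($c, $rule, 'alice'), true),
        var_export(is_routable($c, $method), true));
}
```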



