High security and auth demands. Is CodeIgniter right for us?
#1

[eluser]Unknown[/eluser]
Hi!

I'm evaluating CI for a possible future application and I have a few questions regarding auth and security. If chosen, CI would work as a front for a business back end, communicating through web services (json or such). The demands regarding security are extremely high, so there's no room for error in this matter.

The first general question would be: is CI secure enough for this kind of project, given that we're using reliable auth and session handling libraries?

To be more concrete, I've just installed Ion_auth to try it out. Not yet knowing if this is suitable for us, one question comes to mind. Since no part of the application should be available for unauthenticated users, I guess one way would be to check the user status within every single one of our controllers and throw them out if not logged in, although this seems very ineffective and not likely the best solution. What would be best practice?

I'm still learning my way around CI, so I hope my questions are understandable.

Thanks!
#2

[eluser]Kamarg[/eluser]
Standard practice is to create a MY_Controller and put your authentication in its constructor. Then have all your controllers extend MY_Controller so that the authentication is always run. Alternately, you can use a precontroller hook to do the same thing. I use a library called MX_Acl that uses the hook method that I'm very happy with.
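
The base-controller pattern described in this post, as an added example that is not part of the original thread and is not code from CodeIgniter or Ion Auth. It assumes a CodeIgniter 2.x/3.x layout (`application/core/MY_Controller.php`), Ion Auth installed with its default `auth/login` route, and a hypothetical `$public_controllers` allow list:

```php
<?php
// application/core/MY_Controller.php (assumed CodeIgniter 2.x/3.x layout)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller
{
    // Hypothetical allow list: controllers reachable without a session.
    // Everything not named here is denied by default.
    protected $public_controllers = array('auth');

    public function __construct()
    {
        parent::__construct();

        $this->load->library('ion_auth');
        $this->load->helper('url');

        // Compare the routed controller name against the allow list.
        $controller = strtolower($this->router->fetch_class());
        if (in_array($controller, $this->public_controllers, TRUE)) {
            return;
        }

        // Runs before any action method, so no action can skip the check.
        if ( ! $this->ion_auth->logged_in()) {
            $this->deny();
        }
    }

    protected function deny()
    {
        if ($this->input->is_ajax_request()) {
            // JSON clients get a 401 instead of an HTML login redirect.
            $this->output
                 ->set_status_header(401)
                 ->set_content_type('application/json')
                 ->set_output(json_encode(array('error' => 'authentication required')))
                 ->_display(); // flush now, because exit skips normal output
        } else {
            redirect('auth/login'); // assumed Ion Auth default login route
        }
        exit; // never fall through into the requested action
    }
}
```

The check only covers controllers that extend `MY_Controller`; a controller that extends `CI_Controller` directly is not protected by it.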
#3

[eluser]CroNiX[/eluser]
To further Kamarg's point, this is a very good article to read on how to accomplish that. If everything is going to be protected, you probably just need a MY_Controller instead of public and admin base controllers, but the concepts explained are very helpful.
#4

[eluser]Unknown[/eluser]
Thanks both of you, I will look into MY_Controller right away!

Is this solution considered to be ultra super safe and secure, or could someone with exceptional hacking skills be able to work around this in any way?
