06-06-2012, 01:44 PM
[eluser]piddleton[/eluser]
In my newly converted CI site, I've turned on global_xss_filtering. I also used bindings in a query that takes form inputs and inserts the fields into a MySQL database.
If I weren't using CI, I'd need to do some more work myself to prevent cross-site scripting and SQL injection. I got bitten by these issues many years ago on a ColdFusion site and ended up having to do a lot of work to shore up the holes. With CI, it almost seems too easy to do this. Not really a complaint, mind you. :-)
Are these measures sufficient to protect my site? Anything else I should be doing as well?