XSS and SQL Injection

#1
[eluser]piddleton[/eluser]
In my newly converted CI site, I've turned on global_xss_filtering. I also used bindings in a query that takes form inputs and inserts the fields into a MySQL database.

If I weren't using CI, I'd need to do some more work myself on preventing cross-site scripting and SQL injection. I got bitten by these issues many years ago on a ColdFusion site and ended up having to do a lot of work to shore up the holes. With CI, it almost seems too easy to do this. Not really a complaint, mind you. :-)

Are these measures sufficient to protect my site? Anything else I should be doing as well?

#2
[eluser]Otemu[/eluser]
Hi,

Are you also validating data on your form inputs? If not, check out the form validation class.
There is a good guide to CodeIgniter security here.

Hope that helps
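A CodeIgniter 2.x controller that puts the three pieces from this thread together (form validation, query bindings, and output escaping), added here as an example and not code from any of the posters; the `users` table, its `username` and `bio` columns, and the `profile` view are assumed names.

```php
<?php
// Added example (not the thread's own code). Assumes a `users` table with
// `username` and `bio` columns and a `profile` view; both names are placeholders.
class Profile extends CI_Controller {

    public function save()
    {
        $this->load->library('form_validation');
        $this->load->helper('form');

        // Layer 1: validation. Tight rules reject most hostile input outright,
        // independent of what the XSS filter or the database driver do later.
        $this->form_validation->set_rules('username', 'Username',
            'required|alpha_dash|min_length[3]|max_length[32]');
        $this->form_validation->set_rules('bio', 'Bio', 'max_length[500]');

        if ($this->form_validation->run() === FALSE) {
            // validation_errors() comes from the form helper loaded above.
            $this->load->view('profile', array('errors' => validation_errors()));
            return;
        }

        // With global_xss_filtering on, post() data is already filtered; the
        // TRUE argument applies the same filter explicitly, so this code does
        // not silently depend on a config setting.
        $username = $this->input->post('username', TRUE);
        $bio      = $this->input->post('bio', TRUE);

        // Layer 2: query bindings. Each ? is replaced with a value the driver
        // escapes for MySQL, so quotes in $bio cannot break out of the literal.
        // Bindings cover values only: table and column names must never come
        // from user input.
        $sql = 'INSERT INTO users (username, bio) VALUES (?, ?)';
        $this->db->query($sql, array($username, $bio));

        // Layer 3: output escaping. Bound values are stored verbatim and the
        // input filter is not a substitute for escaping at render time, so
        // encode for HTML in the context where the data is displayed.
        $data = array(
            'username' => htmlspecialchars($username, ENT_QUOTES, 'UTF-8'),
            'bio'      => htmlspecialchars($bio, ENT_QUOTES, 'UTF-8'),
        );
        $this->load->view('profile', $data);
    }
}
```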

#3
[eluser]CI_expert_indian[/eluser]
Sufficient at the coding level, piddleton. :-)

#4
[eluser]piddleton[/eluser]
Thanks, it sounds like I'm good to go, as I am using the form validation class. I think I was so badly burned by XSS and SQL injection in the past that I'm probably over-thinking it.

Will check out the security link.

Powered By MyBB, © 2002-2021 MyBB Group.