Welcome Guest, Not a member yet? Register   Sign In
Why does CI only allow certain values in the URL?
#1

[eluser]jonnyjon[/eluser]
Is there a reason why CI only allows certain characters in the URL?
#2

[eluser]Clooner[/eluser]
Security maybe. You can change this in the config if you want more characters
#3

[eluser]jonnyjon[/eluser]
Yes, I found it in the config. It says if you allow all characters ... you are "insane".
#4

[eluser]Clooner[/eluser]
The question now is...

Are you insane %-P

I am just curious... Why would you need more characters?
#5

[eluser]jonnyjon[/eluser]
Well, why restrict things at all?
#6

[eluser]Clooner[/eluser]
[quote author="jonnyjon" date="1204451438"]Well, why restrict things at all?[/quote]

Maybe it is because of query injections
#7

[eluser]Derek Allard[/eluser]
The answer is immediately above the "you are insane" part.
Quote:| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
In general, the more paranoid you can be, the better. If you're just getting started with PHP/web application security, I'd encourage you to start reading around a bit more. 2 good topics to start on are XSS injection and SQL injection.

There are many more, but those are the "gateway" topics in my opinion. Good luck!




Theme © iAndrew 2016 - Forum software by © MyBB