• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Why does CI only allow certain values in the URL?

#1
[eluser]jonnyjon[/eluser]
Is there a reason why CI only allows certain characters in the URL?

#2
[eluser]Clooner[/eluser]
Security maybe. You can change this in the config if you want more characters

#3
[eluser]jonnyjon[/eluser]
Yes, I found it in the config. It says if you allow all characters ... you are "insane".

#4
[eluser]Clooner[/eluser]
The question now is...

Are you insane %-P

I am just curious... Why would you need more characters?

#5
[eluser]jonnyjon[/eluser]
Well, why restrict things at all?

#6
[eluser]Clooner[/eluser]
[quote author="jonnyjon" date="1204451438"]Well, why restrict things at all?[/quote]

Maybe it is because of query injections

#7
[eluser]Derek Allard[/eluser]
The answer is immediately above the "you are insane" part.
Quote:| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
In general, the more paranoid you can be, the better. If you're just getting started with PHP/web application security, I'd encourage you to start reading around a bit more. 2 good topics to start on are XSS injection and SQL injection.

There are many more, but those are the "gateway" topics in my opinion. Good luck!


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.