Welcome Guest, Not a member yet? Register   Sign In
Why does CI only allow certain values in the URL?

Is there a reason why CI only allows certain characters in the URL?

Security maybe. You can change this in the config if you want more characters

Yes, I found it in the config. It says if you allow all characters ... you are "insane".

The question now is...

Are you insane %-P

I am just curious... Why would you need more characters?

Well, why restrict things at all?

[quote author="jonnyjon" date="1204451438"]Well, why restrict things at all?[/quote]

Maybe it is because of query injections

[eluser]Derek Allard[/eluser]
The answer is immediately above the "you are insane" part.
Quote:| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
In general, the more paranoid you can be, the better. If you're just getting started with PHP/web application security, I'd encourage you to start reading around a bit more. 2 good topics to start on are XSS injection and SQL injection.

There are many more, but those are the "gateway" topics in my opinion. Good luck!

Theme © iAndrew 2016 - Forum software by © MyBB