Does CI provide 'out-of-the-box' solutions for XSS and SQL injection?
#1

[eluser]ICEcoffee[/eluser]
Hi all.

I just wondered what security features CI provides 'out of the box', and what I still have to be mindful of in my coding, i.e. includes, URI injections, defined variables.

Thanks for help.
#2

[eluser]Pascal Kriete[/eluser]
Needless to say you should always be mindful. User input is the devil, no matter what you develop with.

That said, CodeIgniter provides tools to help you. There is a cleaning function to prevent cross-site scripting. Found here. And if you use active record it automatically escapes queries, so that is covered as well.

Good practices go a long way. A numbers field shouldn't accept strings. Names don't have html entities in them. Basic checks like that can make a huge difference.
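To make the three tools named in the reply above concrete, here is an added example that is not code from this thread or from the CodeIgniter project itself: a controller that validates input with the Form Validation library, strips XSS with xss_clean(), and lets Active Record (or query bindings) handle SQL escaping, shown next to the hand-built query it replaces. It assumes CodeIgniter 2.x/3.x conventions (the form_validation library, $this->input->post() with its xss_clean flag, $this->db->where(), html_escape()); the `members` table, its columns and the field names are made up for the example.

```php
<?php
// Added example (not from the thread): assumes a CodeIgniter 2.x/3.x
// application. The `members` table and its `name`/`age` columns are hypothetical.
class Members extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('form_validation');
        $this->load->helper('form');   // provides validation_errors()
    }

    // Kept for contrast: the kind of code the framework does NOT protect.
    public function search_unsafe()
    {
        $name = $this->input->post('name');                                  // attacker-controlled
        $sql  = "SELECT * FROM members WHERE name = '" . $name . "'";         // SQL injection
        $rows = $this->db->query($sql)->result();
        echo 'Results for ' . $name;                                          // reflected XSS
    }

    public function search()
    {
        // 1. Validation: a numeric field only accepts integers, a name only
        //    letters and spaces. Bad input is rejected before it reaches SQL.
        $this->form_validation->set_rules('name', 'Name',
            'required|max_length[64]|regex_match[/^[A-Za-z ]+$/]');
        $this->form_validation->set_rules('min_age', 'Minimum age',
            'required|integer|greater_than[0]');

        if ($this->form_validation->run() === FALSE) {
            echo validation_errors();   // error list built by the library
            return;
        }

        // 2. XSS: the second argument TRUE runs the value through xss_clean().
        $name    = $this->input->post('name', TRUE);
        $min_age = (int) $this->input->post('min_age', TRUE);

        // 3. SQL: Active Record escapes every value it binds into the query.
        $rows = $this->db->where('name', $name)
                         ->where('age >=', $min_age)
                         ->get('members')
                         ->result();
        // Equivalent with query bindings, which escape the same way:
        // $rows = $this->db->query(
        //     'SELECT * FROM members WHERE name = ? AND age >= ?',
        //     array($name, $min_age)
        // )->result();

        // 4. Output: xss_clean() is a filter, not an encoder, so data is
        //    still HTML-escaped at the point where it is echoed.
        echo 'Results for ' . html_escape($name) . '<br>';
        foreach ($rows as $row) {
            echo html_escape($row->name) . ' (' . (int) $row->age . ')<br>';
        }
    }
}
```

The validation rules do most of the work: once `min_age` can only be an integer and `name` can only be letters and spaces, neither a quote nor an angle bracket can reach the query or the page, and xss_clean() and the Active Record escaping are the second line of defence rather than the only one.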
#3

[eluser]ICEcoffee[/eluser]
Quote:Needless to say you should always be mindful.

I just knew I'd get a reply with an obvious statement like this (no sarcasm intended), but I'm grateful for any help and insight.

what about form validation? please excuse me if this is covered in the user guide. Believe me, I do (on occasion) RTFM.
#4

[eluser]Vince Stross[/eluser]
Well then - in this case - I would have to say, "RTFM" ;)

Validation (as well as XSS) is well documented. The rest was well answered by Inparo.
#5

[eluser]Référencement Google[/eluser]
[quote author="ICEcoffee" date="1211407942"]I just knew I'd get a reply with an obvious statement like this[/quote]

Then you should have said beforehand that you were not expecting that kind of newbie answer, and, without meaning to hurt you, your remark quoted above isn't welcome while somebody is trying to help you.

That said, I second Inparo's answer; he is talking exactly about form validation, which is the only thing I see you should really care about. Of course, all the basics and fundamentals of server security and PHP programming must apply as well. The framework is secure as long as it is used in a clever way, but like all frameworks, you can compromise its security by doing stupid things (like, for example, storing clear-text passwords in a database).
#6

[eluser]ICEcoffee[/eluser]
OK, OK. ALRIGHT already. I'm off to RTFM.

Thanks for the beating.