CodeIgniter

Setup

  1. Download CodeIgniter.
  2. Place the folder into Apache's htdocs directory and delete the "user_guide" folder.
  3. Copy .htaccess to the root directory to remove index.php from the URL; also edit $config['index_page'] to match.
  4. Edit config.php to set the timezone, base_url, encryption key, session, cookie, etc.
  5. Set CodeIgniter's ENVIRONMENT constant in index.php to 'production' before publishing.
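The steps above, carried through as one worked configuration. This is an added example for a CodeIgniter 3 install, not code from the page or from the CodeIgniter project; the base URL, timezone, session and cookie values are assumptions, and the encryption key is a placeholder to be replaced with random bytes.

```php
<?php
// ---- .htaccess in the web root (shown here as a comment; it is not PHP) ----
// RewriteEngine On
// RewriteCond %{REQUEST_FILENAME} !-f
// RewriteCond %{REQUEST_FILENAME} !-d
// RewriteRule ^(.*)$ index.php/$1 [L]
// With this rewrite in place, $config['index_page'] below must be empty so that
// generated links (site_url(), redirect()) no longer contain "index.php".

// ---- index.php (web root): environment switch ----
// CodeIgniter's stock index.php switches error display on ENVIRONMENT; 'production'
// turns display_errors off so stack traces and paths never reach a browser.
define('ENVIRONMENT', 'production');

// ---- application/config/config.php (excerpt) ----
defined('BASEPATH') OR exit('No direct script access allowed');

// Timezone: assumption, pick the zone your logs and sessions should use.
date_default_timezone_set('UTC');

$config['base_url']   = 'https://example.com/';   // assumption: your site URL, served over HTTPS
$config['index_page'] = '';                         // empty because .htaccess rewrites to index.php

// Encryption key: 32 random bytes. Generate once, e.g. with
// $this->encryption->create_key(32), store the hex form, never commit it to source control.
$config['encryption_key'] = hex2bin('REPLACE_WITH_64_HEX_CHARS_OF_RANDOM_DATA'); // placeholder

// Sessions: server-side 'files' driver; the cookie only carries a session id.
$config['sess_driver']            = 'files';
$config['sess_cookie_name']       = 'ci_session';
$config['sess_expiration']        = 7200;     // seconds; assumption
$config['sess_save_path']         = NULL;     // defaults to a writable system temp dir
$config['sess_match_ip']          = FALSE;
$config['sess_time_to_update']    = 300;      // rotate the session id every 5 minutes
$config['sess_regenerate_destroy']= FALSE;

// Cookies: scope them to this host and mark them Secure + HttpOnly so they are
// only sent over TLS and are not readable from page scripts.
$config['cookie_prefix']   = '';
$config['cookie_domain']   = '';
$config['cookie_path']     = '/';
$config['cookie_secure']   = TRUE;
$config['cookie_httponly'] = TRUE;

// CSRF protection for every POST; form_open() then emits the hidden token field.
$config['csrf_protection']   = TRUE;
$config['csrf_token_name']   = 'csrf_test_name';
$config['csrf_cookie_name']  = 'csrf_cookie_name';
$config['csrf_expire']       = 7200;
$config['csrf_regenerate']   = TRUE;
$config['csrf_exclude_uris'] = array();

// Keep global XSS filtering off and filter explicitly per input (see the XSS section);
// log errors to application/logs instead of showing them.
$config['global_xss_filtering'] = FALSE;
$config['log_threshold']        = 1;   // errors only in production
```

The ENVIRONMENT switch matters because CodeIgniter's shipped index.php enables full error reporting for 'development' and only suppresses display_errors for 'production'; leaving it at the default on a public server exposes file paths and query fragments in error pages.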

Links

http://www.codeigniter.com/user_guide/general/security.html

http://www.codeigniter.com/user_guide/libraries/security.html

http://www.codeigniter.com/user_guide/database/queries.html

Web security with CodeIgniter

URL Security: http://www.codeigniter.com/user_guide/general/security.html#uri-security

XSS attacks: http://www.codeigniter.com/user_guide/libraries/security.html#xss-filtering

$data = $this->security->xss_clean($data);

Bitmap injection:

if ($this->security->xss_clean($file, TRUE) === FALSE)
{
// file failed the XSS test
}

The function returns TRUE if the image is safe, and FALSE if it contained potentially malicious information that a browser may attempt to execute.
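Both calls from this section placed in context: an input is run through xss_clean() before it is stored, the same value is escaped again with html_escape() at output time, and an uploaded image is checked with the second argument set to TRUE. This is an added example for a CodeIgniter 3 controller, not code from the page or the project; the controller, model, form field and upload directory names are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical controller showing where each filter belongs.
class Comments extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('security');
        $this->load->helper(array('form', 'url'));
    }

    // Store a comment: filter on the way in, escape on the way out.
    public function post()
    {
        // The second argument TRUE makes Input run xss_clean() on the value,
        // equivalent to $this->security->xss_clean($this->input->post('body')).
        $body = $this->input->post('body', TRUE);

        if ($body === NULL || trim($body) === '') {
            show_error('Comment body is required', 400);
        }

        // Assumed model; xss_clean is a best-effort filter, so the stored value
        // is still treated as untrusted text below.
        $this->load->model('comment_model');
        $this->comment_model->insert(array('body' => $body));

        redirect('comments');
    }

    // Render comments: html_escape() converts <, >, & and quotes to entities,
    // so a value that slipped through the filter renders as text, not markup.
    public function index()
    {
        $this->load->model('comment_model');
        $rows = $this->comment_model->all();

        foreach ($rows as $row) {
            echo '<p>' . html_escape($row->body) . '</p>';
        }
    }

    // Image upload: reject files whose bytes carry script/markup payloads.
    public function avatar()
    {
        $config = array(
            'upload_path'   => FCPATH . 'uploads/avatars/',   // assumption: writable, no PHP execution
            'allowed_types' => 'gif|jpg|png',
            'max_size'      => 512,                            // KB
            'encrypt_name'  => TRUE,                           // random stored filename
        );
        $this->load->library('upload', $config);

        if ( ! $this->upload->do_upload('userfile')) {
            show_error($this->upload->display_errors('', ''), 400);
        }

        $file = $this->upload->data();
        $bytes = file_get_contents($file['full_path']);

        // TRUE tells xss_clean() the payload is an image: it returns FALSE when the
        // bytes contain something a browser might execute, instead of a cleaned string.
        if ($this->security->xss_clean($bytes, TRUE) === FALSE) {
            unlink($file['full_path']);   // do not keep a file that failed the check
            show_error('Uploaded image failed the XSS check', 400);
        }

        redirect('profile');
    }
}
```

The Upload library performs the same image check itself when its xss_clean option is enabled; the explicit call above shows the return-value contract the text describes. Filtering on input and escaping on output are complementary: the filter reduces what gets stored, and html_escape() is what actually prevents stored text from being interpreted as HTML.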

SQL injection: http://www.codeigniter.com/user_guide/database/queries.html#escaping-queries

The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don’t have to remember to manually escape data; the engine does it automatically for you.
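The same lookup written three ways, to make the point concrete: a string-concatenated query that is open to injection, the bound version that the text recommends, and the equivalent Query Builder call. This is an added example, not code from the page or from CodeIgniter; the table and column names are assumptions. It also covers the one case binds do not handle, a caller-chosen sort column, which has to be whitelisted instead.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical model; table 'users' with columns id, username, status, created_at.
class User_model extends CI_Model
{
    // BEFORE: the value is pasted into SQL. A username such as
    //   ' OR '1'='1
    // changes the WHERE clause, because nothing tells the database where data ends.
    public function find_unsafe($username)
    {
        $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
        return $this->db->query($sql)->row();
    }

    // AFTER: each ? is replaced by the escaped, quoted value from the array,
    // so the input is always treated as a string literal, never as SQL.
    public function find($username)
    {
        $sql = 'SELECT id, username FROM users WHERE username = ? AND status = ?';
        return $this->db->query($sql, array($username, 'active'))->row();
    }

    // Query Builder escapes values the same way without writing SQL by hand.
    public function find_qb($username)
    {
        return $this->db
            ->select('id, username')
            ->where('username', $username)
            ->where('status', 'active')
            ->get('users')
            ->row();
    }

    // LIKE needs two steps: escape_like_str() neutralises % and _ inside the term,
    // then the wildcard is added and the whole thing is bound as a value.
    public function search($term)
    {
        $pattern = $this->db->escape_like_str($term) . '%';
        $sql = "SELECT id, username FROM users WHERE username LIKE ? ESCAPE '!'";
        return $this->db->query($sql, array($pattern))->result();
    }

    // Binds only work for values. An identifier chosen by the caller (sort column,
    // table name) cannot be bound, so it is mapped through a fixed whitelist.
    public function listing($sort_by)
    {
        $allowed = array(
            'name'    => 'username',
            'created' => 'created_at',
        );
        $column = isset($allowed[$sort_by]) ? $allowed[$sort_by] : 'created_at';

        return $this->db
            ->select('id, username, created_at')
            ->where('status', 'active')
            ->order_by($column, 'ASC')
            ->get('users')
            ->result();
    }
}
```

$this->db->escape() is also available for the rare hand-built query, but binds remove the chance of forgetting it, which is the point the text makes. The whitelist in listing() is the companion rule: escaping and binding protect data positions only, and anything that lands in an identifier position must come from code, not from the request.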
