Home > Backend Development > PHP Tutorial > Summary of CodeIgniter security related settings_PHP tutorial

Summary of CodeIgniter security related settings_PHP tutorial

WBOY
Release: 2016-07-13 10:26:32
Original
797 people have browsed it

The CodeIgniter framework itself provides some security settings such as protection against XSS and CSRF attacks, protection against SQL injection attacks, etc.

In terms of configuration files:

In application/config/config.php

$config['encryption_key'] = '';//这个一定要设置 以加密自己的cookie等
$config['cookie_secure'] = TRUE;//设置为TRUE
/*
|--------------------------------------------------------------------------
| Global XSS Filtering全局XSS过滤设置为TRUE
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;
//防范csrf攻击
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'mall_tooken';
$config['csrf_cookie_name'] = 'mall_cookie';
$config['csrf_expire'] = 7200;//设置适当的时间
Copy after login

Open system/core/Input.php

Set $xss_clean in the get and post methods to true. Of course, if your site is safe, then don’t set it or set it explicitly when calling get or post to get parameters

Note during development:

1. Use

$this->input->get( 'name', true );
Copy after login

Instead of using $_GET[ 'name' ];

2. Use

$this->input->post( 'name', true );
Copy after login

Instead of using $_POST[ 'name' ];

3. Use ActiveRecord query statements instead of select statements

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/824652.htmlTechArticleThe CodeIgniter framework itself provides some security settings such as protection against XSS and CSRF attacks, protection against SQL injection attacks, etc. . As far as the configuration file is concerned: in application/config/config.ph...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template