Home >Backend Development >PHP Tutorial >Summary of CodeIgniter security related settings_PHP tutorial

Summary of CodeIgniter security related settings_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 10:26:32789browse

The CodeIgniter framework itself provides some security settings such as protection against XSS and CSRF attacks, protection against SQL injection attacks, etc.

In terms of configuration files:

In application/config/config.php

$config['encryption_key'] = '';//这个一定要设置 以加密自己的cookie等
$config['cookie_secure'] = TRUE;//设置为TRUE
/*
|--------------------------------------------------------------------------
| Global XSS Filtering全局XSS过滤设置为TRUE
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;
//防范csrf攻击
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'mall_tooken';
$config['csrf_cookie_name'] = 'mall_cookie';
$config['csrf_expire'] = 7200;//设置适当的时间

Open system/core/Input.php

Set $xss_clean in the get and post methods to true. Of course, if your site is safe, then don’t set it or set it explicitly when calling get or post to get parameters

Note during development:

1. Use

$this->input->get( 'name', true );

Instead of using $_GET[ 'name' ];

2. Use

$this->input->post( 'name', true );

Instead of using $_POST[ 'name' ];

3. Use ActiveRecord query statements instead of select statements

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/824652.htmlTechArticleThe CodeIgniter framework itself provides some security settings such as protection against XSS and CSRF attacks, protection against SQL injection attacks, etc. . As far as the configuration file is concerned: in application/config/config.ph...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn