Home >Backend Development >PHP Tutorial >Summary of CodeIgniter security related settings_PHP tutorial
The CodeIgniter framework itself provides some security settings such as protection against XSS and CSRF attacks, protection against SQL injection attacks, etc.
In terms of configuration files:
In application/config/config.php
$config['encryption_key'] = '';//这个一定要设置 以加密自己的cookie等 $config['cookie_secure'] = TRUE;//设置为TRUE /* |-------------------------------------------------------------------------- | Global XSS Filtering全局XSS过滤设置为TRUE |-------------------------------------------------------------------------- | | Determines whether the XSS filter is always active when GET, POST or | COOKIE data is encountered | */ $config['global_xss_filtering'] = TRUE; //防范csrf攻击 $config['csrf_protection'] = TRUE; $config['csrf_token_name'] = 'mall_tooken'; $config['csrf_cookie_name'] = 'mall_cookie'; $config['csrf_expire'] = 7200;//设置适当的时间
Open system/core/Input.php
Set $xss_clean in the get and post methods to true. Of course, if your site is safe, then don’t set it or set it explicitly when calling get or post to get parameters
Note during development:
1. Use
$this->input->get( 'name', true );
Instead of using $_GET[ 'name' ];
2. Use
$this->input->post( 'name', true );
Instead of using $_POST[ 'name' ];
3. Use ActiveRecord query statements instead of select statements