CodeIgniter Security Related Settings Summary

  • 2021-07-07 06:35:39
  • OfStack

The CodeIgniter framework itself ships with a number of security settings, such as protection against XSS and CSRF attacks and against SQL injection.

For configuration files:

In application/config/config.php


$config['encryption_key'] = '';// This one must be set; it is used to encrypt your own cookies, session data, etc.
$config['cookie_secure'] = TRUE;// Set to TRUE so cookies are only sent over HTTPS
/*
|--------------------------------------------------------------------------
| Global XSS Filtering: set the global XSS filter to TRUE
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;
// Protection against CSRF attacks
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'mall_tooken';
$config['csrf_cookie_name'] = 'mall_cookie';
$config['csrf_expire'] = 7200;// Token lifetime in seconds; set an appropriate value
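With csrf_protection enabled, every POST request must carry the token, otherwise CodeIgniter rejects it. The view below is an added example, not code from the original post or from the CodeIgniter project; the file name, form action and field names are assumed. It shows the form helper adding the token for you, and the manual hidden field you need when you write the form tag (or an AJAX post) yourself, reading the token name and hash from the Security class.

```php
<?php
// Added example (not from the original post): application/views/login_form.php
// Assumes the controller loaded the form helper: $this->load->helper('form');
// The route 'auth/login' and the field names are assumptions.

// form_open() appends a hidden field with the CSRF token automatically
// whenever $config['csrf_protection'] is TRUE, so nothing else is needed.
echo form_open('auth/login');
?>
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit">Log in</button>
<?php echo form_close(); ?>

<?php
// If you build the <form> tag by hand (or submit via JavaScript), add the
// token yourself. Without it the request fails with the framework's
// "The action you have requested is not allowed." error.
// The field name is $config['csrf_token_name'] ('mall_tooken' above);
// get_csrf_hash() returns the current value stored in the CSRF cookie.
?>
<form method="post" action="<?php echo site_url('auth/login'); ?>">
    <input type="hidden"
           name="<?php echo $this->security->get_csrf_token_name(); ?>"
           value="<?php echo $this->security->get_csrf_hash(); ?>">
    <input type="text" name="username">
    <input type="password" name="password">
    <button type="submit">Log in</button>
</form>
```

A quick check after enabling the setting: submit a form without the hidden field (for example from a saved copy of the page) and confirm the request is refused; if it goes through, the protection is not active for that route.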

Open system/core/Input.php

Set the default value of the $xss_clean parameter of get() and post() to TRUE. Alternatively, if your site is otherwise safe, leave the default alone and pass TRUE explicitly whenever you call get() or post() to read a parameter.

During development, pay attention to the following:

1. Use

$this->input->get( 'name', true );

instead of $_GET['name'];

2. Use

$this->input->post( 'name', true );

instead of $_POST['name'];

3. Use Active Record query statements and avoid hand-written SQL strings such as raw SELECT statements.
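The controller below is an added example that is not part of the original post or of the CodeIgniter project; it puts the three rules together. The controller, model-free table name, columns and view path are assumptions. It reads request data only through the Input class with the XSS flag set, casts values to the type it expects, and builds the query with Active Record (or query bindings) instead of concatenating user input into a SELECT string; the unsafe form is shown in a comment so the difference is visible.

```php
<?php
// Added example (not from the original post). Table 'users', its columns and
// the view 'user/list' are assumed names.
class User extends CI_Controller
{
    public function search()
    {
        // Rules 1 and 2: go through $this->input with the second argument TRUE
        // so the XSS filter runs, instead of reading $_GET / $_POST directly.
        // get() returns FALSE (CI 2) or NULL (CI 3) when the key is absent.
        $name = $this->input->get('name', TRUE);
        $page = (int) $this->input->get('page', TRUE); // cast to the type you expect

        if ($name === FALSE || $name === NULL || $name === '')
        {
            show_error('name is required', 400);
            return;
        }

        // Rule 3: let Active Record build and escape the query.
        // Unsafe form that rule 3 warns against (do NOT do this):
        // $this->db->query("SELECT * FROM users WHERE name = '" . $name . "'");
        $query = $this->db->select('id, name, email')
                          ->from('users')
                          ->where('name', $name)   // value is escaped and quoted by the driver
                          ->limit(20, $page * 20)
                          ->get();

        $this->load->view('user/list', array('users' => $query->result()));
    }

    public function update()
    {
        $id    = (int) $this->input->post('id', TRUE);
        $email = $this->input->post('email', TRUE);

        // If you must write SQL by hand, use query bindings: each ? is replaced
        // with the escaped value, so the input never becomes part of the SQL text.
        $sql = 'UPDATE users SET email = ? WHERE id = ?';
        $this->db->query($sql, array($email, $id));
    }
}
```

Note that the XSS filter only neutralises script-like content for output into HTML; it is not an SQL escaping mechanism, which is why rule 3 is needed in addition to rules 1 and 2.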
