Home > Backend Development > PHP Tutorial > CodeIgniter安全相关设置汇总_PHP

CodeIgniter安全相关设置汇总_PHP

WBOY
Release: 2016-06-01 11:52:10
Original
710 people have browsed it

CI框架

CodeIgniter框架自身提供了一些安全设置如针对XSS和CSRF攻击的防范,针对SQL注入攻击的防范等。

就配置文件而言:

在application/config/config.php中

$config['encryption_key'] = '';//这个一定要设置 以加密自己的cookie等
$config['cookie_secure'] = TRUE;//设置为TRUE
/*
|--------------------------------------------------------------------------
| Global XSS Filtering全局XSS过滤设置为TRUE
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = TRUE;
//防范csrf攻击
$config['csrf_protection'] = TRUE;
$config['csrf_token_name'] = 'mall_tooken';
$config['csrf_cookie_name'] = 'mall_cookie';
$config['csrf_expire'] = 7200;//设置适当的时间
Copy after login

打开system/core/Input.php

将get和post方法中的$xss_clean设置为true 当然你的站点如果是安全无所谓的 那就不设置或是在调用get或是post取参数时明确设置就可以了

开发中需要注意:

1.使用

$this->input->get( 'name', true );
Copy after login

而不使用$_GET[ 'name' ];

2.使用

$this->input->post( 'name', true );
Copy after login

而不使用$_POST[ 'name' ];

3.使用ActiveRecord查询语句而尽量不用select之类的语句

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template