author | darwinel <kmorssink@gmail.com> | 2014-02-09 01:26:26 +0100 |
---|---|---|
committer | darwinel <kmorssink@gmail.com> | 2014-02-09 01:26:26 +0100 |
commit | 06f43faefd0f212447b9776718ec61c5ebc6de61 (patch) | |
tree | ca4c9cadffab7d4e20eb80ea21562525127ba320 | |
parent | 1993aab7798282a1af7960e88a5c3835c79d4932 (diff) |
CodeIgniter support some basic web security by default!
I think it's better to enable these basic security options by default.
It’s more likely that users who build a new website or application from
the ground up, and use CodeIgniter can get used to this and eventually turn
this off. From a web security perspective, we can support a more secure
web, by default! Who agrees?
-rw-r--r-- | application/config/config.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php index ae748defd..4ee87ae24 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -302,11 +302,11 @@ $config['sess_driver'] = 'cookie'; $config['sess_valid_drivers'] = array(); $config['sess_cookie_name'] = 'ci_session'; $config['sess_expiration'] = 7200; -$config['sess_expire_on_close'] = FALSE; -$config['sess_encrypt_cookie'] = FALSE; +$config['sess_expire_on_close'] = TRUE; +$config['sess_encrypt_cookie'] = TRUE; $config['sess_use_database'] = FALSE; $config['sess_table_name'] = 'ci_sessions'; -$config['sess_match_ip'] = FALSE; +$config['sess_match_ip'] = TRUE; $config['sess_match_useragent'] = TRUE; $config['sess_time_to_update'] = 300; @@ -351,7 +351,7 @@ $config['standardize_newlines'] = TRUE; | COOKIE data is encountered | */ -$config['global_xss_filtering'] = FALSE; +$config['global_xss_filtering'] = TRUE; /* |-------------------------------------------------------------------------- |
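Review bot: In the first hunk (@@ -302,11), setting $config['sess_match_ip'] = TRUE as the shipped default will drop sessions for any user whose source address changes mid-session (mobile networks, rotating proxies, dual-stack clients), so I would leave it FALSE here and recommend it in the surrounding comments, or split it into its own change. $config['sess_encrypt_cookie'] = TRUE also relies on an encryption key being configured, and nothing in this hunk sets or documents one; please confirm that a fresh install still starts a session with these defaults. The diffstat shows only application/config/config.php changed, so the new defaults also need a changelog or upgrade-notes entry.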
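Review bot: In the second hunk (@@ -351,7), flipping $config['global_xss_filtering'] to TRUE means incoming request data, including the COOKIE data mentioned in the context comment, is rewritten before application code sees it, which can silently alter legitimate input such as passwords or intentionally stored markup. Input filtering also does not replace escaping on output, so the comment block above this setting should say so if this becomes the default. Since this is a behaviour change for anyone starting from the stock config, I would suggest keeping it FALSE in this commit and raising the default change separately with documentation.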