summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authordarwinel <kmorssink@gmail.com>2014-02-09 01:26:26 +0100
committerdarwinel <kmorssink@gmail.com>2014-02-09 01:26:26 +0100
commit06f43faefd0f212447b9776718ec61c5ebc6de61 (patch)
treeca4c9cadffab7d4e20eb80ea21562525127ba320 /application
parent1993aab7798282a1af7960e88a5c3835c79d4932 (diff)
CodeIgniter support some basic web security by default!
I think its better to enable this basic security options by default. It’s more likely that users who build a new website or application from ground up, and use CodeIgniter can get used to this and eventually turn this off. From a web security perspective, we can support a more secure web, by default! Who agrees?
Diffstat (limited to 'application')
-rw-r--r--application/config/config.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php
index ae748defd..4ee87ae24 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -302,11 +302,11 @@ $config['sess_driver'] = 'cookie';
$config['sess_valid_drivers'] = array();
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
-$config['sess_expire_on_close'] = FALSE;
-$config['sess_encrypt_cookie'] = FALSE;
+$config['sess_expire_on_close'] = TRUE;
+$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
-$config['sess_match_ip'] = FALSE;
+$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
@@ -351,7 +351,7 @@ $config['standardize_newlines'] = TRUE;
| COOKIE data is encountered
|
*/
-$config['global_xss_filtering'] = FALSE;
+$config['global_xss_filtering'] = TRUE;
/*
|--------------------------------------------------------------------------