From 9805ecce97dbd3f60891c19f27111f75851bd666 Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Sun, 16 Jan 2011 23:35:16 -0500 Subject: Added access scope to security library and added config options for csrf protection --- application/config/config.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'application') diff --git a/application/config/config.php b/application/config/config.php index 5c6cc0aec..e22199685 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -286,9 +286,15 @@ $config['global_xss_filtering'] = FALSE; | Enables a CSRF cookie token to be set. When set to TRUE, token will be | checked on a submitted form. If you are accepting user data, it is strongly | recommended CSRF protection be enabled. +| +| 'csrf_token_name' = The token name +| 'csrf_cookie_name' = The cookie name +| 'csrf_expire' = The number in seconds the token should expire. */ -$config['csrf_protection'] = FALSE; - +$config['csrf_protection'] = TRUE; +$config['csrf_token_name'] = 'csrf_test_name'; +$config['csrf_cookie_name'] = 'csrf_cookie_name'; +$config['csrf_expire'] = 7200; /* |-------------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b