From 1f622294b92c095fd91e8ca44912d405c1605ded Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Thu, 7 Apr 2011 12:06:51 -0400 Subject: Wow, I screwed that up, Reactor is going to 2.0.2 not 2.0.1 --- user_guide/general/security.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide/general/security.html') diff --git a/user_guide/general/security.html b/user_guide/general/security.html index c47b5b25e..ab92a94ba 100644 --- a/user_guide/general/security.html +++ b/user_guide/general/security.html @@ -28,7 +28,7 @@
- +

CodeIgniter User Guide Version 2.0.1

CodeIgniter User Guide Version 2.0.2

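Review bot: the version string is hardcoded in the page header, so the 2.0.1 to 2.0.2 change has to be repeated on every user guide page; this view is limited to user_guide/general/security.html and the stat shows a single file, so confirm the other pages received the same edit, otherwise the guide will report mixed versions.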
-- cgit v1.2.3-24-g4f1b From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001 From: Razican Date: Mon, 25 Apr 2011 17:26:45 +0200 Subject: Fixed double-space typo. --- user_guide/general/security.html | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'user_guide/general/security.html') diff --git a/user_guide/general/security.html b/user_guide/general/security.html index ab92a94ba..bcbb36c6f 100644 --- a/user_guide/general/security.html +++ b/user_guide/general/security.html @@ -64,7 +64,7 @@ CodeIgniter's internal security features.

URI Security

CodeIgniter is fairly restrictive regarding which characters it allows in your URI strings in order to help -minimize the possibility that malicious data can be passed to your application. URIs may only contain the following: +minimize the possibility that malicious data can be passed to your application. URIs may only contain the following:

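Review bot: the removed and added lines here are identical once rendered; the change is a doubled space after "application." that browsers collapse anyway, so this is a source-cleanliness fix with no visible effect, and the same applies to the other whitespace hunks in this commit. Worth keeping such fixes in their own commit, as done here, so they do not clutter the blame history of the substantive text.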
    @@ -79,7 +79,7 @@ minimize the possibility that malicious data can be passed to your application.

    GET, POST, and COOKIE Data

    GET data is simply disallowed by CodeIgniter since the system utilizes URI segments rather than traditional URL query strings (unless -you have the query string option enabled in your config file). The global GET +you have the query string option enabled in your config file). The global GET array is unset by the Input class during system initialization.

    Register_globals

    @@ -91,18 +91,18 @@ routine is effectively the same as register_globals = off.

    error_reporting

    - In production environments, it is typically desirable to disable PHP's - error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP - errors from being rendered as output, which may potentially contain - sensitive information. + In production environments, it is typically desirable to disable PHP's + error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP + errors from being rendered as output, which may potentially contain + sensitive information.

    - Setting CodeIgniter's ENVIRONMENT constant in index.php to a - value of 'production' will turn off these errors. In development - mode, it is recommended that a value of 'development' is used. - More information about differentiating between environments can be found - on the Handling Environments page. + Setting CodeIgniter's ENVIRONMENT constant in index.php to a + value of 'production' will turn off these errors. In development + mode, it is recommended that a value of 'development' is used. + More information about differentiating between environments can be found + on the Handling Environments page.

    magic_quotes_runtime

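Review bot: missing documentation in the error_reporting paragraph: it tells readers to set error_reporting to 0 in production so errors are not rendered, but says nothing about keeping a record of them. Suppressing display without logging hides the same information from operators that it hides from users; suggest a sentence pointing readers at PHP's log_errors directive or the application's own log so failures are still recorded. Out of scope for a whitespace-only commit, but worth a follow-up.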
    @@ -117,7 +117,7 @@ XML-RPC data, or even data from the SERVER array, you are encouraged to practice
    1. Filter the data as if it were tainted.
    2. -
    3. Validate the data to ensure it conforms to the correct type, length, size, etc. (sometimes this step can replace step one)
    4. +
    5. Validate the data to ensure it conforms to the correct type, length, size, etc. (sometimes this step can replace step one)
    6. Escape the data before submitting it into your database.
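Review bot: step 3, "Escape the data before submitting it into your database", reads as a hand-rolled escaping step; consider stating that the database layer's query bindings or its own escaping functions should be used instead, since escaping that is correct for one driver or quoting context is not correct for another. Also "Validate the data ... (sometimes this step can replace step one)" would be clearer if it said which step it replaces, as the numbering changes when the list is edited.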
    @@ -127,7 +127,7 @@ XML-RPC data, or even data from the SERVER array, you are encouraged to practice
  • XSS Filtering

    -

    CodeIgniter comes with a Cross Site Scripting filter. This filter looks for commonly +

    CodeIgniter comes with a Cross Site Scripting filter. This filter looks for commonly used techniques to embed malicious Javascript into your data, or other types of code that attempt to hijack cookies or do other malicious things. The XSS Filter is described here.

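Review bot: the paragraph describes the filter as looking for "commonly used techniques" to embed malicious Javascript, which is a pattern-based check; the doc should say here that such a filter is a defence-in-depth measure and does not replace escaping output in views, otherwise readers may treat the XSS Filter as sufficient on its own.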
    -- cgit v1.2.3-24-g4f1b From 25d495b4a2598f771a858108a2cd2e96f0130412 Mon Sep 17 00:00:00 2001 From: Eric Barnes Date: Tue, 26 Apr 2011 23:02:44 -0400 Subject: Removed the GET, POST, and COOKIE Data from security since we now allow $_GET data. Fixes #48 --- user_guide/general/security.html | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'user_guide/general/security.html') diff --git a/user_guide/general/security.html b/user_guide/general/security.html index bcbb36c6f..31dd7978c 100644 --- a/user_guide/general/security.html +++ b/user_guide/general/security.html @@ -76,15 +76,9 @@ minimize the possibility that malicious data can be passed to your application.
  • Dash: -
-

GET, POST, and COOKIE Data

- -

GET data is simply disallowed by CodeIgniter since the system utilizes URI segments rather than traditional URL query strings (unless -you have the query string option enabled in your config file). The global GET -array is unset by the Input class during system initialization.

-

Register_globals

-

During system initialization all global variables are unset, except those found in the $_POST and $_COOKIE arrays. The unsetting +

During system initialization all global variables are unset, except those found in the $_GET, $_POST, and $_COOKIE arrays. The unsetting routine is effectively the same as register_globals = off.

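Review bot: deleting the whole "GET, POST, and COOKIE Data" section removes the only statement about how query-string data is handled. The updated Register_globals paragraph now lists $_GET among the arrays that survive initialization, but nothing tells the reader that GET data is accepted and must be filtered and validated exactly like $_POST input. Suggest replacing the removed section with a short paragraph saying so, rather than dropping it, since the "Fixes #48" change widens the input surface the rest of this page is about.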