From f1ca865e0a7aea02061be5d59a49b2a222a27085 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 24 Feb 2015 20:25:16 +0200 Subject: [ci skip] Add a note about pbkdf2 in security guide --- user_guide_src/source/general/security.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'user_guide_src/source/general') diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst index 0c58f96b4..efc821f2b 100644 --- a/user_guide_src/source/general/security.rst +++ b/user_guide_src/source/general/security.rst @@ -133,6 +133,10 @@ with that. Please read below. provides them for you as long as you're running at least PHP version 5.3.7 (and if you don't meet that requirement - please, upgrade). + If you're one of the really unlucky people who can't even upgrade to a + more recent PHP version, use `hash_pbkdf() `, + which we also provide in our compatibility layer. + - DO NOT ever display or send a password in plain-text format! Even to the password's owner, if you need a "Forgotten password" -- cgit v1.2.3-24-g4f1b From b011716ecce4ac8f28aad08fa4ed824102ff2cd2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 21 Mar 2015 12:18:10 +0200 Subject: [ci skip] Remove an obsolete note about references Close #3686 --- user_guide_src/source/general/ancillary_classes.rst | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'user_guide_src/source/general') diff --git a/user_guide_src/source/general/ancillary_classes.rst b/user_guide_src/source/general/ancillary_classes.rst index 6a64742ce..f1285d931 100644 --- a/user_guide_src/source/general/ancillary_classes.rst +++ b/user_guide_src/source/general/ancillary_classes.rst 
@@ -11,7 +11,8 @@ get_instance() .. php:function:: get_instance() - :returns: object of class CI_Controller + :returns: Reference to your controller's instance + :rtype: CI_Controller **Any class that you instantiate within your controller methods can access CodeIgniter's native resources** simply by using the @@ -44,17 +45,9 @@ Once you've assigned the object to a variable, you'll use that variable $CI->config->item('base_url'); // etc. -.. note:: You'll notice that the above get_instance() ``function`` is being - passed by reference:: - - $CI =& get_instance(); - - This is very important. Assigning by reference allows you to use the - original CodeIgniter object rather than creating a copy of it. - -Furthermore, if you'll be using ``get_instance()`` inside another class, -then it would be better if you assign it to a property. This way, you -won't need to call ``get_instance()`` in every single method. +If you'll be using ``get_instance()`` inside another class, then it would +be better if you assign it to a property. This way, you won't need to call +``get_instance()`` in every single method. Example:: @@ -80,9 +73,8 @@ Example:: { $this->CI->config->item('base_url'); } - } In the above example, both methods ``foo()`` and ``bar()`` will work after you instantiate the Example class, without the need to call -``get_instance()`` in each of them. \ No newline at end of file +``get_instance()`` in each of them. -- cgit v1.2.3-24-g4f1b From bd2a7e4062fd97017c5b16beddc15b0c7fc38210 Mon Sep 17 00:00:00 2001 From: Master Yoda Date: Wed, 25 Mar 2015 02:36:31 -0700 Subject: Fixed user guide internal & external links to resolve problems reported by sphinx "make linkcheck" Signed-off-by:Master Yoda --- user_guide_src/source/general/credits.rst | 8 ++++---- user_guide_src/source/general/environments.rst | 4 ++-- user_guide_src/source/general/requirements.rst | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) (limited to 'user_guide_src/source/general') 
diff --git a/user_guide_src/source/general/credits.rst b/user_guide_src/source/general/credits.rst index d22e3a9bc..d0f14b3bd 100644 --- a/user_guide_src/source/general/credits.rst +++ b/user_guide_src/source/general/credits.rst @@ -2,17 +2,17 @@ Credits ####### -CodeIgniter was originally developed by `Rick Ellis `_ -(CEO of `EllisLab, Inc. `_). The framework was written for +CodeIgniter was originally developed by `Rick Ellis `_ +(CEO of `EllisLab, Inc. `_). The framework was written for performance in the real world, with many of the class libraries, helpers, and sub-systems borrowed from the code-base of `ExpressionEngine -`_. +`_. It was, for years, developed and maintained by EllisLab, the ExpressionEngine Development Team and a group of community members called the Reactor Team. In 2014, CodeIgniter was acquired by the `British Columbia Institute of Technology -`_ and was then officially announced as a community-maintained +`_ and was then officially announced as a community-maintained project. Bleeding edge development is spearheaded by the handpicked contributors diff --git a/user_guide_src/source/general/environments.rst b/user_guide_src/source/general/environments.rst index 1ce4fde3a..f5a4f617e 100644 --- a/user_guide_src/source/general/environments.rst +++ b/user_guide_src/source/general/environments.rst @@ -48,5 +48,5 @@ Configuration Files Optionally, you can have CodeIgniter load environment-specific configuration files. This may be useful for managing things like differing API keys across multiple environments. This is described in -more detail in the environment section of the `Config -Class <../libraries/config.html#environments>`_ documentation. \ No newline at end of file +more detail in the environment section of the :doc:`Config +Class <../libraries/config#environments>`_ documentation. \ No newline at end of file 
diff --git a/user_guide_src/source/general/requirements.rst b/user_guide_src/source/general/requirements.rst index e3f73dba8..f90cdd30d 100644 --- a/user_guide_src/source/general/requirements.rst +++ b/user_guide_src/source/general/requirements.rst @@ -2,7 +2,7 @@ Server Requirements ################### -`PHP `_ version 5.4 or newer is recommended. +`PHP `_ version 5.4 or newer is recommended. It should work on 5.2.4 as well, but we strongly advise you NOT to run such old versions of PHP, because of potential security and performance -- cgit v1.2.3-24-g4f1b From a8c499d0125b2e96f7f3c539f6b46cff7547aa80 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 31 Mar 2015 15:01:36 +0300 Subject: [ci skip] Update security recommendations --- user_guide_src/source/general/security.rst | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'user_guide_src/source/general') diff --git a/user_guide_src/source/general/security.rst b/user_guide_src/source/general/security.rst index efc821f2b..fcfe4c24b 100644 --- a/user_guide_src/source/general/security.rst +++ b/user_guide_src/source/general/security.rst 
@@ -143,11 +143,15 @@ with that. Please read below. feature, just randomly generate a new, one-time (this is also important) password and send that instead. -- DO NOT put artificial limits on your users' passwords. +- DO NOT put unnecessary limits on your users' passwords. - There's no point in forcing a rule that a password can only be up to - a number of characters, or that it can't contain a certain set of - special characters. + If you're using a hashing algorithm other than BCrypt (which has a limit + of 72 characters), you should set a relatively high limit on password + lengths in order to mitigate DoS attacks - say, 1024 characters. + + Other than that however, there's no point in forcing a rule that a + password can only be up to a number of characters, or that it can't + contain a certain set of special characters. Not only does this **reduce** security instead of improving it, but there's literally no reason to do it. No technical limitations and -- cgit v1.2.3-24-g4f1b
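Review bot: the function name in the added security.rst lines of commit f1ca865e ("Add a note about pbkdf2 in security guide") reads `hash_pbkdf()`, while the subject says pbkdf2 and PHP's function is `hash_pbkdf2()`; as written the guide points readers at a name that does not exist. Rename it. Because this paragraph is the fallback for people who cannot use the functions mentioned just above it, it should also tell them to use a unique random salt per password and a high iteration count, which the note leaves unsaid.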
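Review bot: in the last hunk of the ancillary_classes.rst change (commit b011716e, `@@ -80,9 +73,8`), a line holding `}` is removed directly after the closing brace of the method body and no replacement `+` line is visible. Please confirm that the Example class in the rendered guide still has its own closing brace, since readers copy this snippet as is.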
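Review bot: the new `+` lines in the environments.rst hunk of commit bd2a7e40 switch to the `:doc:` role but keep the trailing `_` from the old hyperlink syntax and leave a `#environments` fragment in the target. A role reference takes no trailing underscore, and `:doc:` resolves a document name rather than an anchor, so this is likely to render or resolve incorrectly. Drop the `_`, and either link to `../libraries/config` alone or use `:ref:` with a label placed on that section. The file also still ends without a trailing newline.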
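Review bot: the added paragraph in the security.rst hunk of commit a8c499d0 ("Update security recommendations") gives BCrypt's limit as "72 characters", but the limit is 72 bytes, so passwords with multibyte characters reach it sooner, and the text does not say that longer input is silently truncated rather than rejected. Suggest wording such as "a limit of 72 bytes, beyond which input is ignored". The trailing context line still says "there's literally no reason to do it. No technical limitations", which now contradicts the limit this hunk introduces and should be reworded in the same change.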