RE: What are CodeIgniter security methods?
A} SQL Injection Prevention:
SQL injection is an attack made on a database query. Generally we use the mysql_real_escape_string() function to prevent SQL injection. CodeIgniter provides inbuilt functions and libraries to prevent this.
We can prevent SQL injection in CodeIgniter. Here are a few ways to stop SQL injection.
// Escaping: the user-supplied value is escaped before it is concatenated into the query.
$username = $this->input->post('username');
$query = 'SELECT * FROM user_master WHERE user_name = ' . $this->db->escape($username);
// Query bindings: each ? placeholder is replaced with the matching value, escaped automatically.
$sql = "SELECT * FROM user_master WHERE id = ? AND status = ? AND username = ?";
$this->db->query($sql, array(1, 'active', 'Aviance'));
Active Record Class:
// Query builder: the values in the array are escaped by the library.
$this->db->get_where('user_master', array('status' => 'active', 'email' => 'firstname.lastname@example.org'));
B} Password Handling:
Numerous developers don't realize how to deal with passwords in web applications, which is presumably why various hackers find it so easy to break into the systems. One should remember the following points while dealing with passwords:
- Don’t store passwords in plain-text format.
- Always hash your passwords.
- Don’t use Base64 or similar encoding for storing passwords.
- Don’t use weak or broken hashing algorithms like MD5 or SHA1. Only use strong password hashing algorithms.
- Don’t ever display or send a password in plain-text format.
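The password points above in working code, as an added example that is not part of the reply or of CodeIgniter itself. It is plain PHP with no framework dependency, so it runs directly under the PHP CLI and can be dropped into a CodeIgniter model; the function names hashPassword() and verifyPassword(), the $users array and the sample passwords are all constructed for the illustration.

```php
<?php
// Added example (not from the original post or from CodeIgniter):
// storing and checking passwords with PHP's native password_hash()/password_verify(),
// and migrating legacy unsalted MD5/SHA1 hashes on the next successful login.
declare(strict_types=1);

// Hash a new or changed password. PASSWORD_DEFAULT is currently bcrypt; the returned
// string embeds the algorithm, cost and a random per-password salt, so nothing else
// needs to be stored. Note: bcrypt only looks at the first 72 bytes of the input.
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Check a login attempt against the stored value.
// Returns: false  -> wrong password
//          null   -> correct password, stored hash is fine as it is
//          string -> correct password, and this new hash must replace the stored one
function verifyPassword(string $plain, string $stored)
{
    // Legacy unsalted hashes: 32 hex chars = MD5, 40 hex chars = SHA1.
    // They are accepted exactly once so the account can be migrated, then replaced.
    // hash_equals() is used so the comparison does not leak timing information.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        return hash_equals(strtolower($stored), md5($plain)) ? hashPassword($plain) : false;
    }
    if (preg_match('/^[0-9a-f]{40}$/i', $stored)) {
        return hash_equals(strtolower($stored), sha1($plain)) ? hashPassword($plain) : false;
    }

    if (!password_verify($plain, $stored)) {
        return false;
    }
    // Correct password: rehash if the algorithm or cost parameters are no longer current.
    return password_needs_rehash($stored, PASSWORD_DEFAULT) ? hashPassword($plain) : null;
}

// Constructed stand-in for a user_master table: one modern hash, one legacy MD5 hash.
$users = [
    'alice' => hashPassword('correct horse battery staple'),
    'bob'   => md5('hunter2'),   // legacy row that still needs migrating
];

foreach ([['alice', 'correct horse battery staple'], ['bob', 'hunter2'], ['bob', 'wrong']] as [$name, $attempt]) {
    $result = verifyPassword($attempt, $users[$name]);
    if ($result === false) {
        echo "$name: login rejected\n";
        continue;
    }
    if (is_string($result)) {
        // In a real model this is an UPDATE on user_master with the new hash.
        $users[$name] = $result;
        echo "$name: login ok, stored hash upgraded to " . substr($result, 0, 7) . "...\n";
        continue;
    }
    echo "$name: login ok\n";
}
```

The only thing the application ever stores or compares is the output of hashPassword(); the plaintext is discarded once verifyPassword() returns, and a wrong password and an unknown user should both take the same code path so that response timing does not reveal which one failed.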