Published October 24th, 2007 by Jim O'Halloran

Building a Complete CodeIgniter Application: Part 3

I left you at the end of part 2 with the news that there was a large security hole in the work we'd done so far. Readers who've done a bit of web development in the past should recognise the vulnerability as cross-site scripting (XSS) and will understand the problems XSS can create. In this part I want to discuss some common security problems and the steps we need to take to eliminate them.

Understand that security is not a product but a process. We can't buy security, and we can't develop our code and "bolt on" some security later. Effective security needs to be built into the product/project from the time it's first written, and ongoing care and attention must be paid to making sure that every new line of code doesn't compromise our security in some way. If you need evidence of that, there are any number of Open Source CMS or forum products out there which were put together and released, and have struggled for many, many releases (often with little success) to properly secure themselves against attack. Security in the applications we write is the result of education, awareness, care and attention to detail in every piece of code we write; secure code should be the result of the process we use to write our code, not an afterthought.

In the first two parts I've already done a couple of things which were security related, so let's first loop back and explain what we did and why. Then settle in while I explain cross-site scripting (XSS), we look at the HTML Purifier tool, and we apply it to the problem at hand. Finally I'll talk about handling user logins and secure storage of passwords.

Published September 23rd, 2007 by Jim O'Halloran

Building a Complete CodeIgniter Application: Part 2

This is the second installment in a series called "Building a Complete CodeIgniter Application". In this series I'll walk readers through the construction of a complete AJAX application using the CodeIgniter framework. I've chosen to build a multi-user feed reader, which I'll call "Feedignition". Feed readers seem to be the new "hello world", and there are good feed-parsing libraries available which allow us to concentrate on the application itself without having to worry about the myriad details involved in actually parsing a feed. That leaves us free to explore a number of topics which will be of interest to anyone building applications with CodeIgniter.

In the last part of this series we created the foundations on which we'll build the Feedignition aggregator. We installed the basic CI framework and set up our database connections. When we finished up we had an app that did absolutely nothing; every possible URL resulted in a 404 error. However, this was necessary to give us a base on which we can build our feed reader. Now we'll get down to the nuts and bolts of actually building an app in CodeIgniter. Before we get started, you'll need to make sure you've worked through part 1 and have CI plus a database ready to go.