FeedIgnition



Published October 24th, 2007 by Jim O'Halloran

Building a Complete CodeIgniter Application: Part 3

I left you at the end of part 2 with the news that there was a large security hole in the work we’d done so far. Readers who’ve done a bit of web development in the past should recognise the vulnerability as cross-site scripting (XSS) and might understand the problems XSS can create. In this part I want to discuss some common security problems, and the steps we need to take to eliminate them.

Understand that security is not a product but a process. We can’t buy security, and we can’t develop our code and “bolt on” some security later. Effective security needs to be built into the product/project from the time it’s first written, and ongoing care and attention needs to be paid to making sure that every new line of code doesn’t compromise our security in some way. If you need evidence of that, there are any number of Open Source CMS or forum products out there which were put together and released, and have struggled for many, many releases (often with little success) to properly secure themselves against attack. Security in the applications we write is the result of education, awareness, care and attention to detail in every piece of code we write. Secure code should be the result of the process we use to write our code, not an afterthought.

In the first two parts I’ve done a couple of things already which were security related, so let’s first loop back and explain what we did and why. Then settle in while I explain cross-site scripting (XSS), look at the HTML Purifier tool, and apply it to the problem at hand. Finally, I’ll talk about handling user logins and secure storage of passwords.

Published September 23rd, 2007 by Jim O'Halloran

Building a Complete CodeIgniter Application: Part 2

This is the second installment in a series called “Building a Complete CodeIgniter application”. In this series I’ll walk readers through the construction of a complete AJAX application using the CodeIgniter framework. I’ve chosen to build a multi-user Feed Reader, which I’ll call “Feedignition”. Feed Readers seem to be the new “hello world”, and there are good feed-parsing libraries available which allow us to concentrate on the application itself without having to worry about the myriad details involved in actually parsing a feed. That leaves us free to explore a number of topics which will be of interest to anyone building applications with CodeIgniter.

In the last part of this series we created the foundations on which we’ll build the FeedIgnition aggregator. We installed the basic CI framework, and set up our database connections. When we finished up we had an app that did absolutely nothing; every possible URL resulted in a 404 error. However, this was necessary to give us a base on which we can build our feed reader. Now we’ll get down to the nuts and bolts of actually building an app in CodeIgniter. Before we get started, you’ll need to make sure you’ve worked through part 1 and have CI + a database ready to go.

Published September 10th, 2007 by Jim O'Halloran

Building a Complete CodeIgniter Application

Over the coming weeks/months I’m going to write a series of blog posts describing the construction of a complete AJAX application using the CodeIgniter framework. I’ve chosen to build a multi-user Feed Reader, which I’ll call “Feedignition”. Feed Readers seem to be the new “hello world”, and there are good feed-parsing libraries available which allow us to concentrate on the application itself without having to worry about the myriad details involved in actually parsing a feed. That leaves us free to explore a number of topics which will be of interest to anyone building applications with CodeIgniter.

I’ll assume you’re familiar with PHP programming, and have a PHP development environment already set up on your machine, including web server, MySQL database, and so forth.

I’ll post the series in parts as I write it, but I won’t commit to a schedule for new parts. All code in this series (including the final product) is released under the terms of the GNU GPL.

If you’re not subscribed to one of my RSS feeds, check back here for new parts of the series. I’ll update this post whenever new parts have been posted.

Published September 10th, 2007 by Jim O'Halloran

Building a Complete CodeIgniter Application: Part 1

Over the coming weeks/months I’m going to write a series of blog posts describing the construction of a complete AJAX application using the CodeIgniter framework. I’ve chosen to build a multi-user Feed Reader, which I’ll call “Feedignition”. Feed Readers seem to be the new “hello world”, and there are good feed-parsing libraries available which allow us to concentrate on the application itself without having to worry about the myriad details involved in actually parsing a feed. That leaves us free to explore a number of topics which will be of interest to anyone building applications with CodeIgniter.

I’ll assume you’re familiar with PHP programming, and have a PHP development environment already set up on your machine, including web server, MySQL database, and so forth.

I’ll post the series in parts as I write it, but I won’t commit to a schedule for new parts. All code in this series (including the final product) is released under the terms of the GNU GPL.

Let’s get started with part 1!

Basic Configuration

Before we can dive into the application itself we need to get a basic development environment up and running. I’m developing on a Linux machine using Apache 2.2, PHP 5.2, and MySQL 5.0. If you’re on Windows, the easiest way to get up and running would be to download XAMPP from ApacheFriends.org. Most of the CI video tutorials skip over this bit and start off where this part finishes up, but preparation is very important, so I figure we should start at the beginning.