CodeIgniter Security Enhancement

The easier a framework is to use, the greater the chance of security loopholes. There are some methods you can use to enhance the security of a CodeIgniter project.

Method 1:

Have you ever checked whether your CodeIgniter files are easily accessible from the browser when you hit their URL directly?

Example: If you hit www.test.com/application/models/test.php in a browser, you can see that the test.php file runs.

To prevent direct access to your files, you can write one line at the top of each file.

 

Method 2:

In CodeIgniter, the biggest loophole is that when you try to access a directory from the browser, it lists all the files and folders inside that directory.

Example: Hit www.test.com/assets/images/ and you can see all the image files inside the images directory.

To prevent this, change the .htaccess file as follows:

 

Method 3:

To increase the security of your project, move both the system folder and any application folders above the web root so that they are not directly accessible via a browser. After moving them, open your main index.php file and change the system and application folder paths:

 

You can also move the view folder outside the application folder and change the view folder location in the index.php file.
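To check a deployment against all three methods, the following audit script is an added example, not code from the original post. It assumes the guard is CodeIgniter's standard `defined('BASEPATH')` check and that listing is disabled with Apache's `Options -Indexes`; the `public_html` tree it builds is a constructed sample.

```python
import re
import tempfile
from pathlib import Path

# Assumed guard: CodeIgniter's standard BASEPATH check at the top of a file.
GUARD = re.compile(r"defined\s*\(\s*['\"]BASEPATH['\"]\s*\)")
# Assumed listing fix: Apache's "Options -Indexes" directive in .htaccess.
NO_INDEX = re.compile(r"^\s*Options\s+.*-Indexes\b", re.I | re.M)

def audit(web_root):
    """Return findings for Methods 1-3 under a web root directory."""
    root = Path(web_root)
    findings = []
    # Method 1: PHP files under application/ that lack the guard near the top.
    for php in sorted(root.glob("application/**/*.php")):
        if not GUARD.search(php.read_text(errors="replace")[:300]):
            findings.append(f"no-guard:{php.relative_to(root).as_posix()}")
    # Method 2: directory listing is not switched off in .htaccess.
    ht = root / ".htaccess"
    if not (ht.is_file() and NO_INDEX.search(ht.read_text(errors="replace"))):
        findings.append("listing-enabled:.htaccess")
    # Method 3: framework folders still live inside the web root.
    for name in ("system", "application"):
        if (root / name).is_dir():
            findings.append(f"inside-web-root:{name}")
    return findings

def build_sample(base):
    """Create a constructed sample tree (hypothetical, for illustration)."""
    root = Path(base) / "public_html"
    (root / "application/models").mkdir(parents=True)
    (root / "system").mkdir()
    (root / "application/models/test.php").write_text("<?php\nclass Test {}\n")
    (root / "application/models/safe.php").write_text(
        "<?php\ndefined('BASEPATH') OR exit('No direct script access allowed');\n")
    (root / ".htaccess").write_text("RewriteEngine On\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit(build_sample(tmp)):
            print(finding)
```

An empty result from `audit()` means every PHP file under `application/` carries the guard, listing is switched off, and neither framework folder sits inside the web root.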

It’s always good practice to create a virtual host whenever you start working on a new project. Check out our blog for the same here.

Happy Coding 🙂
