Reputation: 1596
Securing app using CodeIngiter with AJAX requests
I'm currently using CodeIgniter to build a web app that uses heavy AJAX. I'm trying to see how I can improve the security of the site.
The current setup uses cookies and sessions to validate users. I'm most concerned about how to validate every POST request and that certain actions and values are valid for that specific logged-in user.
What is the best way to approach security and keeping with the best performance? I don't want to have to manually tailor every validation for a specific type of request.
Some options I've considered:
- Validation superclass that will be extended by all controllers
- Validation helpers
- Putting validation code in the index function and using index function to call certain private functions in controller.
Upvotes: 1
Views: 452
Answers (2)
Reputation: 6595
What you are concerned about is called Cross Site Request Forgery. CodeIgniter already has a facility built in to protect against it:
Upvotes: 1
Reputation: 50029
if you're using CI, it's best if you route all your requests through a master controller by extending all your controllers from a base controller(MY_Controller). This way, all the requests go through one single point of entry and you can simply check if the current session has the privileges needed to carry out the action.
Upvotes: 3
Related Questions
- Securing a Codeigniter Restful API accessed via Angular
- securing php code from ajax / javascript misuse
- Codeigniter URI routing and security
- protect ajax jquery
- Codeigniter security
- How to secure codeigniter functions in the controller?
- How to protect ajax methods called via jquery?
- Codeigniter AJAX CSRF protection
- secure the ajax calls to server side functions
- Guide for securing an ajax php webapp