Tutorialsplane

Codeigniter Security Class Library


Codeigniter Security Class Library - This library provides various functions that are used to build a secure application and to process input data safely. The class is loaded automatically by the system, so there is no need to load it manually. In this tutorial we explain how to use the security class library.

Codeigniter security class library | Example

Let us understand how the security class library works in Codeigniter with examples.

Functions:-

The Codeigniter security class library provides three types of method.

1. XSS Filtering.

Here is a simple demo of XSS filtering.

Codeigniter comes with a cross-site scripting filter that looks for commonly used techniques to trigger JavaScript or other types of code in the input; it is used to pass user-supplied data through the XSS filter before it is stored or displayed.

Example of XSS filtering

<?php defined('BASEPATH') OR exit('No direct script access allowed');
class xss_controller extends CI_Controller
{
    public function xssSecurity()
    {
        $str = "Tutorialsplane.com";
        // Filter the string and echo the cleaned result.
        $data = $this->security->xss_clean($str);
        echo $data;
        // With the second argument TRUE the input is treated as image data
        // and the method returns TRUE or FALSE instead of a cleaned string.
        if ($this->security->xss_clean($str, TRUE) === FALSE)
        {
            echo "file failed the XSS test";
        }
        else
        {
            return true;
        }
    }
}
?>

Output will be like this:-
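The controller above filters a harmless constant. The following added example (not from the original tutorial) shows the two modes of xss_clean() on realistic input: a constructed comment string containing a script payload, and the contents of an uploaded image checked with $is_image = TRUE, the way the Upload library does it. The controller name Xss_demo and the path ./uploads/avatar.png are assumptions.

```php
<?php defined('BASEPATH') OR exit('No direct script access allowed');

// Added example, not part of the original tutorial.
class Xss_demo extends CI_Controller
{
    // Filter a text field before storing or displaying it.
    public function filter_comment()
    {
        // Constructed sample input, as it might arrive from a form field.
        $raw = 'Hello <script>alert(1)</script> world';

        // xss_clean() returns the string with the script payload neutralised.
        // Output escaping is still required: the filter is a safety net,
        // not a replacement for html_escape() at render time.
        $clean = $this->security->xss_clean($raw);
        echo html_escape($clean);
    }

    // Check an uploaded image for embedded script content.
    public function check_upload()
    {
        // Assumed location of a file already received by the Upload library.
        $path = './uploads/avatar.png';
        $data = file_get_contents($path);

        // With $is_image = TRUE the method returns TRUE/FALSE rather than a string.
        if ($data === FALSE OR $this->security->xss_clean($data, TRUE) === FALSE)
        {
            show_error('Uploaded image failed the XSS check');
        }
        echo 'Image passed the XSS check';
    }
}
```

html_escape() is one of Codeigniter's common functions and is always available; it is used here so that the filtered string is still escaped when echoed into the page.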

2. Cross-site request forgery (CSRF).

Here is a simple demo of cross-site request forgery (CSRF) protection.

CSRF protection is enabled from the application/config/config.php file.

Example of Cross-site request forgery (CSRF).

<?php defined('BASEPATH') OR exit('No direct script access allowed');
class xss_controller extends CI_Controller
{
    public function csrfdisplay()
    {
        // Both methods take no arguments; the values come from the current
        // request's CSRF cookie and from config.php (csrf_protection must be on).
        $csrf = array(
            'name' => $this->security->get_csrf_token_name(),
            'hash' => $this->security->get_csrf_hash()
        );
        print_r($csrf);
    }
}
?>

Output will be like this:-
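Printing the token only shows the values; the added example below (not from the original tutorial) puts them to use. It assumes the stock Codeigniter 3 CSRF keys have been set in application/config/config.php as listed in the comment, and it assumes a controller named Csrf_demo with a save() route. With protection enabled, the Security class compares the submitted field against the CSRF cookie on every POST and stops the request with a 403 error before the controller runs if they do not match.

```php
<?php defined('BASEPATH') OR exit('No direct script access allowed');

// Added example, not part of the original tutorial. Assumes these settings
// in application/config/config.php (the stock Codeigniter 3 keys):
//   $config['csrf_protection']  = TRUE;          // off by default
//   $config['csrf_token_name']  = 'csrf_token';
//   $config['csrf_cookie_name'] = 'csrf_cookie';
//   $config['csrf_expire']      = 7200;          // seconds a token stays valid
//   $config['csrf_regenerate']  = TRUE;          // fresh token on every request
class Csrf_demo extends CI_Controller
{
    // Render a form that carries the CSRF token in a hidden field.
    public function show_form()
    {
        $this->load->helper('url');
        $name = $this->security->get_csrf_token_name();
        $hash = $this->security->get_csrf_hash();

        echo '<form method="post" action="' . site_url('csrf_demo/save') . '">';
        // The field name must match csrf_token_name and the value the current hash,
        // otherwise the framework rejects the POST before save() is reached.
        echo '<input type="hidden" name="' . $name . '" value="' . $hash . '">';
        echo '<input type="text" name="title">';
        echo '<button type="submit">Save</button>';
        echo '</form>';
    }

    // Only reached when the token check has passed.
    public function save()
    {
        echo 'Saved: ' . html_escape($this->input->post('title'));
    }
}
```

When the form helper's form_open() is used instead of a hand-written form tag, Codeigniter adds this hidden field automatically once csrf_protection is on; the manual version above shows what that field contains.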

Class reference:-

The security class library exposes the following methods; each is explained below.

1. XSS clean.

This method tries to remove XSS exploits from the input data and returns the cleaned string.

xss_clean($str[, $is_image = FALSE])

2. Sanitize filename.

This method tries to sanitize a filename in order to prevent directory traversal attempts and other security threats, which is particularly useful for a filename that was supplied by user input.

sanitize_filename($str[, $relative_path = FALSE])

3. Get csrf token name.

This method returns the CSRF token name.

get_csrf_token_name()

4. Get csrf hash.

This method returns the CSRF hash value.

get_csrf_hash()

5. Entity decode.

This method decodes HTML entities in the string, including entities that do not follow the usual format.

entity_decode($str[, $charset = NULL])

6. Get random bytes.

This method returns random bytes of the requested length and is used to generate CSRF and XSS tokens.

get_random_bytes($length)
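The class reference lists the methods without showing them in use. The added example below (not from the original tutorial) applies sanitize_filename(), entity_decode() and get_random_bytes() to constructed inputs inside one controller. The controller name Security_demo, the directory ./uploads/ and the sample strings are assumptions.

```php
<?php defined('BASEPATH') OR exit('No direct script access allowed');

// Added example, not part of the original tutorial.
class Security_demo extends CI_Controller
{
    // Serve a file from ./uploads/ (assumed directory) by a user-supplied name.
    public function download()
    {
        // Constructed input standing in for $this->input->get('file'):
        // a directory traversal attempt aimed at the config directory.
        $requested = '../../application/config/database.php';

        // With $relative_path = FALSE (the default) the "../", "./" and "/"
        // sequences are all stripped, so the result can only name a file
        // directly inside ./uploads/, never a path outside it.
        $name = $this->security->sanitize_filename($requested);
        $path = './uploads/' . $name;

        if ($name === '' OR ! is_file($path))
        {
            show_404();
        }
        $this->load->helper('download');
        force_download($path, NULL);
    }

    // Decode entities so a later check sees the real characters, not "&lt;".
    public function decode()
    {
        $encoded = '&lt;b&gt;bold&lt;/b&gt; &amp;amp; more';   // constructed input
        $decoded = $this->security->entity_decode($encoded, 'UTF-8');
        // Decoding is for inspection; escape again before echoing.
        echo html_escape($decoded);
    }

    // Generate an unguessable token, e.g. for a one-time download link.
    public function token()
    {
        $bytes = $this->security->get_random_bytes(16);
        if ($bytes === FALSE)
        {
            // No secure random source on this host; refuse rather than fall back.
            show_error('No secure random source available');
        }
        echo bin2hex($bytes);   // 32 hex characters
    }
}
```

The is_file() check after sanitizing matters: sanitize_filename() removes dangerous characters but does not tell you whether the remaining name exists, so the controller still has to confirm the file is really in the upload directory before serving it.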
