What is a token method in a CSRF attack?

To protect against CSRF, we need to tie together the two HTTP requests: the request that serves the form and the form submission. There are several ways to do this, but CodeIgniter uses a hidden field called the CSRF token. The CSRF token is a random value that changes with every HTTP request sent. With each request, a new …

What is a CSRF attack in CodeIgniter?

A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and other authentication information, to a web application. For example, suppose you have a site with a form. An attacker could create a bogus form on his own site. This form could contain hidden inputs and malicious data. …

How can you enable CSRF?

You can enable CSRF protection by editing the application/config/config.php file and changing the following setting from FALSE to TRUE: $config['csrf_protection'] = TRUE; In CodeIgniter, CSRF (Cross-Site Request Forgery) protection can be enabled by following these steps: Enable CSRF Protection in Config File: Ensure that CSRF protection is enabled in …

How can CodeIgniter be protected from CSRF?

There are various ways in which we can protect CodeIgniter from CSRF. The most commonly used method is a hidden field on each page of the website. The value of the hidden field is stored in the user's session. The field is changed with every HTTP request. The user can thus be identified on each request to …

What are the XSS security parameters?

XSS stands for cross-site scripting. CodeIgniter contains a cross-site scripting hack prevention filter. The XSS filter targets methods of triggering JavaScript or other types of suspicious code. If it detects anything, it converts the data to character entities. XSS filtering uses the xss_clean() method to filter data. $data = $this->security->xss_clean($data); There is an optional second parameter, …