Running checks for cms

#1
I'm developing a decent-looking `CMS` with the `PHP framework` called `Codeigniter`. I'm doing checks on every page that's inside the control panel to verify there is a session available and that the user id in the session is what is to be expected of a user id. I also verify that the user id does match one of the users in the database, and I use that to gather user data and find out if data is returned about the user. I am curious to know what other kinds of checks I should do to ensure a safe environment for my users and to protect my CMS site. Any ideas?


#2
There are a few things you can do just by editing your CI `config.php` file. Set the following to `TRUE`:

```php
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = TRUE;
// you may want to set the below to true (it's optional)
$config['global_xss_filtering'] = TRUE;
```

Also, I would recommend reading CI's **Security** and **Session** docs to make sure that you are utilizing them the way CodeIgniter intended.
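An added example (not part of the thread, and not CodeIgniter's own code) of the per-request control-panel check the question describes, combined with the IP and user-agent binding that `sess_match_ip` and `sess_match_useragent` turn on. It is plain PHP so it runs without the framework; the field names, the `is_active` flag and the `$findUser` lookup are assumptions.

```php
<?php
// Added example, not from the thread: per-request control-panel check in plain PHP.
// Field names (user_id, ip_address, user_agent, is_active) are assumptions.

// Returns the user row when the session is acceptable, or null otherwise.
// $findUser is a hypothetical callable(int $id) that reads the users table.
function check_panel_session(array $session, array $request, callable $findUser)
{
    // 1. The id must be present and strictly numeric (rejects arrays, "7 OR 1=1").
    $id = isset($session['user_id']) ? $session['user_id'] : null;
    if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
        return null;
    }
    // 2. Same idea as sess_match_ip / sess_match_useragent: bind to the client.
    if (!isset($session['ip_address'], $session['user_agent'])
        || $session['ip_address'] !== $request['ip']
        || $session['user_agent'] !== $request['user_agent']) {
        return null;
    }
    // 3. The id must resolve to a real user who is still allowed in.
    $user = $findUser((int) $id);
    if (!is_array($user) || empty($user['is_active'])) {
        return null;
    }
    return $user;
}

// Constructed sample data.
$users = [7 => ['id' => 7, 'name' => 'editor', 'is_active' => 1],
          9 => ['id' => 9, 'name' => 'former', 'is_active' => 0]];
$findUser = function ($id) use ($users) { return isset($users[$id]) ? $users[$id] : null; };
$request = ['ip' => '203.0.113.10', 'user_agent' => 'Mozilla/5.0 (constructed)'];
$base = ['ip_address' => '203.0.113.10', 'user_agent' => 'Mozilla/5.0 (constructed)'];

$cases = [
    'valid'         => ['user_id' => '7'] + $base,
    'non-numeric'   => ['user_id' => '7 OR 1=1'] + $base,
    'disabled user' => ['user_id' => '9'] + $base,
    'unknown user'  => ['user_id' => '42'] + $base,
    'ip changed'    => ['user_id' => '7', 'ip_address' => '198.51.100.5'] + $base,
];
foreach ($cases as $label => $session) {
    $user = check_panel_session($session, $request, $findUser);
    printf("%-14s %s\n", $label, $user ? 'allow ' . $user['name'] : 'deny');
}
```

Only the first case is allowed; the other four are denied. Binding to the IP address also rejects legitimate users whose address changes mid-session (mobile networks, some proxies), so a mismatch is best handled as a forced re-login.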


