CodeIgniter Interview Questions

What is a token method in a CSRF attack?

To protect against CSRF, the server has to tie two HTTP requests together: the one that delivered the form and the one that submits it. There are several ways to do this; CodeIgniter uses a hidden form field called the CSRF token. The token is a random value, and with csrf_regenerate enabled (the CodeIgniter 3 default) a new one is generated on every request. When the Security object is created, the name and value of the token are set:

$this->csrf_cookie_name = $this->csrf_token_name;
$this->_csrf_set_hash();

The…
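The following is an added example, not code from the original post: it shows the CodeIgniter 3 configuration keys that control the token and the two ways a form gets the hidden field (form_open() inserts it automatically; get_csrf_token_name() and get_csrf_hash() let you write it by hand or hand it to a JavaScript client). The config keys and Security methods are the real CI3 API; the controller name Profile, the view profile_form.php and the field display_name are made up for the illustration. The three sections belong to three separate files and are shown together only for reading.

```php
<?php
// Added example (not code from the original page). Three files from a
// CodeIgniter 3 application, shown together; Profile, profile_form and
// display_name are invented names.

// --- application/config/config.php ---------------------------------
$config['csrf_protection']   = TRUE;               // turn the check on
$config['csrf_token_name']   = 'csrf_test_name';   // name of the hidden field
$config['csrf_cookie_name']  = 'csrf_cookie_name'; // cookie holding the client-side copy
$config['csrf_expire']       = 7200;               // seconds a token stays valid
$config['csrf_regenerate']   = TRUE;               // fresh token on every request
$config['csrf_exclude_uris'] = array();            // leave empty unless an endpoint is token-free by design

// --- application/views/profile_form.php -----------------------------
// form_open() appends <input type="hidden" name="csrf_test_name" value="..."> on its own
// whenever csrf_protection is TRUE and the action points at this site.
echo form_open('profile/update');
echo form_input('display_name', set_value('display_name'));
echo form_submit('save', 'Save');
echo form_close();

// The same hidden field written by hand, for a form not built with the helper:
?>
<form method="post" action="<?php echo site_url('profile/update'); ?>">
  <input type="hidden"
         name="<?php echo $this->security->get_csrf_token_name(); ?>"
         value="<?php echo $this->security->get_csrf_hash(); ?>">
  <input type="text" name="display_name">
  <button type="submit">Save</button>
</form>
<?php

// --- application/controllers/Profile.php ----------------------------
class Profile extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('form', 'url'));
    }

    // With csrf_regenerate = TRUE every response carries a new token, so a
    // JavaScript client must fetch the current name/value pair before it posts.
    public function token()
    {
        $this->output
             ->set_content_type('application/json')
             ->set_output(json_encode(array(
                 'name' => $this->security->get_csrf_token_name(),
                 'hash' => $this->security->get_csrf_hash(),
             )));
    }

    public function update()
    {
        // By the time this method runs, CI_Security has already rejected any
        // POST whose hidden field did not match the cookie; nothing to do here.
        $name = $this->input->post('display_name', TRUE);
        // ... persist $name ...
    }
}
```

The token endpoint matters in practice: with csrf_regenerate on, a single-page client that caches the value from its first page load will have every second request rejected.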

What is CSRF attack in CodeIgniter?

A CSRF attack forces a logged-in victim's browser to send a forged HTTP request, including the victim's session cookie and any other authentication data the browser attaches automatically, to a web application. For example, suppose your site has a form. An attacker can build a bogus copy of that form on his own site, with hidden inputs carrying malicious data. The form is not submitted to the attacker's site; its action points at your site. Thinking that the form is genuine,…

How can a CodeIgniter application be protected from CSRF?

There are various ways to protect a CodeIgniter application from CSRF. The most common is a hidden field in every form. CodeIgniter keeps a copy of the token's value in a cookie on the client (not in the server-side session), and with csrf_regenerate enabled the value changes with every HTTP request, so each submission can be tied back to the page that produced it. The hidden value is always compared with the copy in the cookie. If the two are the same, the request…
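The following is an added example, not code from the original post or from CodeIgniter: a stand-alone re-implementation of the double-submit comparison that CodeIgniter 3 performs in CI_Security::csrf_verify(), run against four constructed requests, including the forged cross-site form described in the previous entry. It goes slightly beyond CodeIgniter 3, which checks POST only, by also covering PUT, PATCH and DELETE. Function names, constants and the sample requests are invented for this illustration; the token and cookie names match the CI3 defaults.

```php
<?php
// Added example, not CodeIgniter's own code: a minimal double-submit CSRF
// check in the shape of CI3's csrf_verify(), exercised with constructed requests.

const TOKEN_NAME  = 'csrf_test_name';   // hidden form field (CI3 default name)
const COOKIE_NAME = 'csrf_cookie_name'; // client-side copy of the token (CI3 default name)

// Fresh token: 32 hex characters from a CSPRNG, never rand()/uniqid().
function csrf_new_token(): string
{
    return bin2hex(random_bytes(16));
}

// Verify one request. $post and $cookie stand in for $_POST and $_COOKIE.
// Returns true only when both copies are present, well-formed and identical.
function csrf_verify(string $method, array $post, array $cookie): bool
{
    // Safe methods change no state. CI3 itself checks POST only; this example
    // also covers the other state-changing verbs.
    if (!in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], true)) {
        return true;
    }
    if (!isset($post[TOKEN_NAME], $cookie[COOKIE_NAME])
        || !is_string($post[TOKEN_NAME]) || !is_string($cookie[COOKIE_NAME])) {
        return false;
    }
    // Reject anything that is not the expected shape before comparing.
    if (!preg_match('/^[0-9a-f]{32}$/', $cookie[COOKIE_NAME])) {
        return false;
    }
    // Constant-time comparison: the token must not leak byte by byte through timing.
    return hash_equals($cookie[COOKIE_NAME], $post[TOKEN_NAME]);
}

// --- constructed requests (invented sample data) -----------------------
$token  = csrf_new_token();
$cookie = [COOKIE_NAME => $token, 'ci_session' => 'victim-session-id'];

$requests = [
    // Genuine submit: the page that rendered the form put the token in the hidden field.
    'genuine form submit' => ['POST', [TOKEN_NAME => $token, 'email' => 'me@example.test'], $cookie],
    // Forged form on the attacker's site: the browser attaches the victim's cookies
    // automatically, but the same-origin policy keeps the attacker from reading
    // them, so the hidden field cannot be filled with the matching value.
    'forged, no token'    => ['POST', ['email' => 'attacker@example.test'], $cookie],
    // Attacker replays an old token or guesses one: it does not match this cookie.
    'forged, stale token' => ['POST', [TOKEN_NAME => csrf_new_token(), 'email' => 'attacker@example.test'], $cookie],
    // A GET changes no state, so it is not subject to the token check.
    'plain GET'           => ['GET', [], $cookie],
];

foreach ($requests as $label => [$method, $post, $cookies]) {
    printf("%-20s %s\n", $label, csrf_verify($method, $post, $cookies) ? 'accepted' : 'rejected');
}
// Only the genuine submit and the GET are accepted; both forged POSTs are rejected.
```

The double-submit pattern holds only as long as the attacker cannot set cookies for your domain; a page on a sibling subdomain the attacker controls can plant its own csrf_cookie_name and a matching hidden field, so keep untrusted content off subdomains and set SameSite on the session cookie as a second layer.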

What are the XSS security parameters?

XSS stands for cross-site scripting. CodeIgniter ships with a cross-site scripting prevention filter. The XSS filter looks for commonly used techniques to trigger JavaScript or other suspicious code; if it detects anything, it neutralises the data by converting it to character entities. Filtering is done with the xss_clean() method:

$data = $this->security->xss_clean($data);

Note that xss_clean() is an input filter that recognises known patterns; it is not a substitute for escaping data with html_escape() at the point where it is output. There is an optional second parameter, is_image, used to test an uploaded image for XSS. When this parameter is set to TRUE, it doesn't return an altered…
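The following is an added example, not code from the original post: a CodeIgniter 3 controller and view showing the three places the filter and the escaper fit: xss_clean() applied to a posted field (via the second argument of $this->input->post()), xss_clean() with is_image = TRUE applied to an uploaded file's bytes, and html_escape() applied at output. The API calls are the real CI3 ones; the controller Comments, the comments table, the view comments_list.php and the field names are invented for the illustration, and the controller assumes the database library is loaded.

```php
<?php
// Added example (not code from the original page). Two files from a
// CodeIgniter 3 application; Comments, comments_list and the field names
// are invented.

// --- application/controllers/Comments.php ---------------------------
class Comments extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');
        $this->load->database(); // assumed: a configured database connection
    }

    public function store()
    {
        // 1. Input filtering. The TRUE second argument runs the value through
        //    $this->security->xss_clean() before it is returned.
        $body = $this->input->post('body', TRUE);

        // 2. Image upload check. With is_image = TRUE, xss_clean() does not return
        //    an altered string: it returns TRUE when the data looks clean and FALSE
        //    when it finds script-triggering content inside the file.
        $tmp = isset($_FILES['avatar']['tmp_name']) ? $_FILES['avatar']['tmp_name'] : '';
        if ($tmp !== '' && is_uploaded_file($tmp)) {
            $bytes = file_get_contents($tmp);
            if ($this->security->xss_clean($bytes, TRUE) !== TRUE) {
                show_error('Uploaded image contains suspicious content', 400);
            }
        }

        $this->db->insert('comments', array('body' => $body));
        redirect('comments');
    }

    public function index()
    {
        $data['comments'] = $this->db->get('comments')->result();
        $this->load->view('comments_list', $data);
    }
}

// --- application/views/comments_list.php -----------------------------
// 3. Output escaping. xss_clean() is a pattern filter on the way in; what
//    actually stops injection is encoding on the way out, so every value is
//    passed through html_escape() (htmlspecialchars with ENT_QUOTES) here.
?>
<?php foreach ($comments as $c): ?>
  <p><?php echo html_escape($c->body); ?></p>
<?php endforeach; ?>
```

Steps 1 and 3 are not alternatives: filtered input still has to be escaped on output, because the filter only knows the patterns it was written for, while html_escape() makes the browser treat the whole value as text regardless of its content.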
