Ensuring that your application is as secure as is humanly possible is no mean feat. There are so many ways that your application can be compromised that it's often difficult to keep it locked down all of the time. However, there are steps that you can easily take to reduce the chances of anybody with some technical knowledge gaining unauthorized access to your application, or to parts or all of your databases.
CodeIgniter handles some of these steps, and you won't need to do anything to make use of them; they'll always be there. However, some of its defenses need to be turned on, or an action needs to happen for you to take full advantage of them. We have already touched upon this with the XSS Filter: it can be turned on permanently or it can be used on a case-by-case basis for each form field.
We will discuss the following topics in this chapter:
URI security
Global security
Filtering data
Password salting
Database security
Cross-site scripting