Whatever you are programming, your two main priorities are security and maintainability; this is to say that your application should be as secure as is necessary and should be written in such a way that someone else can easily program and extend on what you're doing. I can't discuss maintainability—that's up to you—but I can give you guidance on CodeIgniter and security.
However, I should say that no security is 100 percent foolproof. Even banks and security agencies that spend hundreds of millions on systems still get hacked, so what chance do we have? Well, the best we can do is try to reduce the opportunity that someone might do something that could compromise our code or database.
You should move your system folder out of your web root. This is to make it as hard as possible for anything other than the web server to access. Take a look at the line in the main index.php file:
$system_path = 'system';
Make sure that you amend the preceding line to this:
$system_path = '../system';So, if we moved the system folder out of the web root one level higher, we would use the../ convention, prepending it to system.
Obviously you don't want to actually display error messages to the outside world. Over time, everyone will gain an understanding of the architecture of your site and where its weaknesses are, especially if you allow SQL errors to be displayed in a production environment.
For this reason, you should change the environment variable in the main index.php file from development to production. This will suppress the reporting errors; 404 and 500 errors will still be caught and displayed normally but SQL errors and other similar errors will be suppressed.
For this, look at the following code in the index.php file:
define('ENVIRONMENT', 'development');
/*
*---------------------------------------------------------------
* ERROR REPORTING
*---------------------------------------------------------------
*
* Different environments will require different levels of error reporting.
* By default development will show errors but testing and live will hide them.
*/
if (defined('ENVIRONMENT'))
{
switch (ENVIRONMENT)
{
case 'development':
error_reporting(E_ALL);
break;
case 'testing':
case 'production':
error_reporting(0);
break;
default:
exit('The application environment is not set correctly.');
}
}Look at the line in bold (the first line). This line has set CodeIgniter to run in development mode; to change to anything else (specifically, a live mode), change the line in bold to the following:
define('ENVIRONMENT', 'production');All errors will now be suppressed.
Query binding is a good idea; it makes your queries easier to read; queries that use the CodeIgniter binding are automatically escaped, leading to more secure queries. The syntax is simple; for example, consider the following query:
$query = "SELECT * FROM `users` WHERE user_email = ? AND user_level = ?";
Look at the end of the query; you can see that we use a question mark where we would normally use a variable; this is something that would normally look like this:
$query = "SELECT * FROM `users` WHERE user_email = $user_email AND user_level = $user_level";
How does CodeIgniter know what the question mark means, and how does CodeIgniter put the correct value in the query? Take a look at this second line:
$this->db->query($query, array($user_email, $user_level));
This is how it matches the value to the correct question mark. We use the $this->db->query()CodeIgniter function, passing to it two arguments. The first is the $query variable (containing the actual query), and the second is an array. Each position in the array matches the position of the question marks in the SQL string.