Module Security

So, you created your module and it works fine, but is it secure? You must ensure that your module is not vulnerable to SQL injection or directory traversal.

You can find below best practices to ensure that your module will be secure. Feel free to apply your own best practices for your module security.

Gather user data from requests

When a user fills in a form, the data is sent, e.g. via a POST request, to the controller; you then gather this data and insert it into the database.

To ensure that this data is escaped, you should gather it with CodeIgniter's built-in input class.

// Get data from POST request
$data = $this->input->post();
$client_id = $this->input->post('client_id');

// Get data from GET request
$data = $this->input->get();
$client_id = $this->input->get('client_id');

Do Not Allow Direct Access to the Module Files

For each .php file you create for your module, you must add the code below at the top of the file to prevent the file from being accessed directly.

defined('BASEPATH') or exit('No direct script access allowed');

Include empty index.html files

Always add an empty index.html file to each folder you create in your module directory, including your module root directory.

E.g. in modules/[your-module]/

E.g. in modules/[your-module]/views
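
The following is an added example, not part of the original article or the CRM's own code: a Python check that walks a module folder and reports .php files lacking the guard line shown above and folders lacking an index.html file. The module name `sample_module` and its files are constructed sample data, and a guard written in any other form than the line shown above is reported as missing.

```python
import os
import re
import tempfile

# The guard line from the article, at the start of a line (optionally right after "<?php").
GUARD = re.compile(
    r"""^\s*(?:<\?php\s+)?(?i:defined)\(\s*['"]BASEPATH['"]\s*\)\s*(?i:or|\|\|)\s*(?i:exit|die)\b""",
    re.MULTILINE,
)

def audit_module(root):
    """Return (php files lacking the guard, folders lacking index.html), relative to root."""
    unguarded, no_index = [], []
    for dirpath, _dirs, files in os.walk(root):
        if "index.html" not in files:
            no_index.append(os.path.relpath(dirpath, root))
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(4096)  # the guard belongs at the top of the file
            if not GUARD.search(head):
                unguarded.append(os.path.relpath(path, root))
    return sorted(unguarded), sorted(no_index)

def build_sample_module(root):
    """Write a constructed sample tree (hypothetical module 'sample_module')."""
    guard = "defined('BASEPATH') or exit('No direct script access allowed');"
    files = {
        "index.html": "",
        "sample_module.php": "<?php\n\n" + guard + "\n",
        "views/index.html": "",
        "views/manage.php": "<?php // " + guard + "\n",  # guard commented out
        "controllers/Sample.php": "<?php\nclass Sample {}\n",  # no guard, no index.html
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_module(tmp)
        unguarded, no_index = audit_module(tmp)
        print("PHP files without the BASEPATH guard:", unguarded)
        print("Folders without index.html:", no_index)
```

To check a real module, call `audit_module()` with the path to its folder under modules/ and fail the build when either list is non-empty.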



