Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
We are building a website using CodeIgniter3 & are very much security conscious & believe we have a brilliant idea.
If PHP does not follow up with this idea, then undoubtedly Microsoft and or Google will do just that.
So let us share the idea with PHP first & before the other 2 giants, that is if PHP ignores this message.
We intend to notify those 2 giants after 7 days if PHP does not respond to this message & after 30 days
if PHP does respond but demonstrates no interest in pursuing the matter further.
PHP should make the Internet a much safer place to browse & to conduct business.
PHP has the basic facility but does not appear to be interested in achieving a safe Internet.
There should be a central database that stores Face Recognition & Fingerprint Data where
if a person joins a PHP website, and maybe other sites, there can be a search if the User
has an existing database entry and then report to the website holder as to any adversities.
The website holder can then decide whether to proceed with or without conditions and may
even create its own database. The website should also have the facility to enable Javascript,
HTML, CSS and any other App within the User's browser, to ensure that nothing has been tampered with.
Of course there must be a prior warning before that can take place.
Once the User is registered in either the base database and or the website database, then he/she
can produce a face image & fingerprints each time of logging in and or making a valuable transaction,
to identify oneself before proceeding further, that is if the website permits such activity with that person.
While we do understand that CodeIgniter does eliminate SQL Injection into a url, we are not so confident
if there is any elimination for injecting into a text box or text area. In our project we do have some
Javascript & HTML restrictions and then proceed with form_validation to ensure compliance backend.
However, we need a more sophisticated system than form_validation and although we have attempted to
test callback it does fall short of being sufficient for our intention. When a form_validation is
triggered, excepting "required" in the event of no data entered, we will want the User's account
to be immediately suspended & the offending data recorded in the Admin section together with
User ID & Username & a message sent to the User. Within 24 hours we will need to decide on the fate of the User.
PHP maybe thinking why they should get involved in such high level security & feel that it
should be left to the security professionals. Let us say that it is the "open" environment
that PHP, & others, have created that causes theft & corruption via the Internet therefore
PHP & others have an obligation to close that opening.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment