Created
March 19, 2021 18:48
Save sgolemon/a2f98484efac50d69a292ff40bc6e036 to your computer and use it in GitHub Desktop.
We are building a website using CodeIgniter3 & are very much security conscious & believe we have a brilliant idea.
If PHP does not follow up with this idea, then undoubtedly Microsoft and or Google will do just that.
So let us share the idea with PHP first & before the other 2 giants, that is if PHP ignores this message.
We intend to notify those 2 giants after 7 days if PHP does not respond to this message & after 30 days
if PHP does respond but demonstrates no interest in pursuing the matter further.

PHP should make the Internet a much safer place to browse & to conduct business.
PHP has the basic facility but does not appear to be interested in achieving a safe Internet.

There should be a central database that stores Face Recognition & Fingerprint Data where
if a person joins a PHP website, and maybe other sites, there can be a search if the User
has an existing database entry and then report to the website holder as to any adversities.
The website holder can then decide whether to proceed with or without conditions and may
even create its own database. The website should also have the facility to enable Javascript,
HTML, CSS and any other App within the User's browser, to ensure that nothing has been tampered with.
Of course there must be a prior warning before that can take place.

Once the User is registered in either the base database and or the website database, then he/she
can produce a face image & fingerprints each time of logging in and or making a valuable transaction,
to identify oneself before proceeding further, that is if the website permits such activity with that person.

While we do understand that CodeIgniter does eliminate SQL Injection into a url, we are not so confident
if there is any elimination for injecting into a text box or text area. In our project we do have some
Javascript & HTML restrictions and then proceed with form_validation to ensure compliance backend.
However, we need a more sophisticated system than form_validation and although we have attempted to
test callback it does fall short of being sufficient for our intention. When a form_validation is
triggered, excepting "required" in the event of no data entered, we will want the User's account
to be immediately suspended & the offending data recorded in the Admin section together with
User ID & Username & a message sent to the User. Within 24 hours we will need to decide on the fate of the User.

PHP may be thinking why they should get involved in such high level security & feel that it
should be left to the security professionals. Let us say that it is the "open" environment
that PHP, & others, have created that causes theft & corruption via the Internet therefore
PHP & others have an obligation to close that opening.