How Midrub is protected

Security Monitoring System

Midrub has a security monitoring system which runs a check every minute (depending on how often your cron job runs) and, if it detects PHP files that are not part of Midrub, deletes them and sends you a notification via email.

SQL injection

I have used only query bindings and, as you can read here, the values are automatically escaped, producing safer queries.

XSS Filtering

I have enabled XSS filtering by adding $config['global_xss_filtering'] = TRUE; to the application/config/config.php file.

CSRF Filtering

I have enabled CSRF protection by adding $config['csrf_protection'] = TRUE; to the application/config/config.php file. We have also used the form helper for every form.

Session hijacking

I added $config['sess_use_database'] = TRUE; to the application/config/config.php file, so all sessions are stored in the database.

Why is there NO captcha for the login and sign up forms?

Because after 5 failed login attempts, the user is blocked for one hour. Once a user has registered/signed up, their IP address is stored and it will not be possible to register/sign up again from that address for 24 hours. You can also choose to make registration/sign up from the same IP address impossible for ever. This way, we simplified the login and sign up steps without requiring any extra fields to be completed.

All images and videos uploaded in the user panel will have read permissions only. Midrub allows only its own files, those listed in the .htaccess, to run. The .htaccess in the assets folder prevents the execution of PHP files in all of its subfolders.

For vulnerable folders I have disabled PHP file execution via .htaccess, but this solution won't work on Nginx.
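Nginx ignores .htaccess files, so the same protection has to live in the server block. The following is an added example (not part of Midrub or its documentation) of the Nginx equivalent of the assets .htaccess rule; the server name, install path and PHP-FPM socket are assumptions you must adapt to your own host.

```nginx
server {
    listen 80;
    server_name midrub.example.com;      # assumption: your Midrub host name
    root /var/www/midrub;                # assumption: your Midrub install path
    index index.php;

    # Refuse to serve or execute any PHP file under assets/, where uploads live.
    # Regex locations are tested in order, so this block must come before the
    # generic PHP handler below; "(/|$)" also catches /assets/x.php/anything.
    location ~* ^/assets/.*\.php(/|$) {
        deny all;
    }

    # Everything that is not a real file is routed through the front controller.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Only PHP files that exist on disk reach PHP-FPM; "=404" stops path-info
    # tricks such as /assets/image.jpg/fake.php from being executed as PHP.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumption: your PHP-FPM socket
    }
}
```

After reloading Nginx, requesting any .php path under /assets/ should return 403, while /index.php continues to be served by PHP-FPM.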

Please remember, I'm only a web developer, and big and medium-sized companies have security engineers who do nothing but ensure the security of the company's projects. If you have ideas on how to improve the security of Midrub, please let me know and I will check whether they can be added.

