With security in mind, is it best to (for CodeIgniter apps):
- Have a controller that checks for POST input and then delegate to private functions.
OR
- Have a controller with a bunch of public functions.
My consideration here is if we allow the users to see the URL, they can just use that URL again to do some action. But if we stick with the POST-delegation method, not everyone will be able to customize their own POST info and try to game the system.
But is this really a concern of significance? Are there any best practices for this type of concern?
Notes: I use a lot of AJAX on the app as well.
Just my personal opinion but I would go with your first option, use POST with private functions.
I like to keep my Controllers locked down, they are independent and private and are in fact in control! They can instantiate the other ‘service’ classes (e.g. Models and Views), call the public methods in the Models and then push the data in to the Views' public vars.
In my eyes it’s like this:
Just a thought on your AJAX too: I use a custom handler class to serve as a controller and abstraction layer for all AJAX requests. This way you can maintain tighter security over your AJAX access and data!
hth
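For anyone weighing the two options in the question, here is an added example (not code from either poster) of what the first option looks like in CodeIgniter 3.x: one public entry point that accepts POST only, with the real work in private methods that the router cannot reach. In CodeIgniter a public controller method is reachable by URL, while private/protected methods and methods whose names start with an underscore are not, so this shape removes the "just use that URL again" surface the question describes. The controller name `Account`, the `submit()` entry point, the handler names, the session key `user_id` and the `users` model with `set_email()` are all assumptions for illustration.

```php
<?php
// Added example: a CodeIgniter 3.x controller with a single public entry point
// that accepts POST only and dispatches to private handlers via an allow-list.
// Class, method and model names here are assumed, not taken from the thread.
defined('BASEPATH') OR exit('No direct script access allowed');

class Account extends CI_Controller
{
    // Map of client-supplied action names to private handler methods.
    // Only names listed here can ever be dispatched; anything else is a 404.
    private $actions = array(
        'update_email'   => '_do_update_email',
        'delete_session' => '_do_delete_session',
    );

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
    }

    // The only routable method. Everything else is private, so a bookmarked or
    // hand-typed URL such as /account/_do_delete_session cannot reach it.
    public function submit()
    {
        if ($this->input->method() !== 'post') {
            show_error('Method not allowed', 405);
            return;
        }
        // Restrict to XHR callers. X-Requested-With is set by the client, so
        // this is a convenience filter, not an authentication control.
        if (!$this->input->is_ajax_request()) {
            show_404();
            return;
        }
        // Authorization comes from the server-side session, never from the URL
        // or the POST body. Assumes 'user_id' is stored in the session at login.
        $user_id = $this->session->userdata('user_id');
        if (!$user_id) {
            $this->_json(array('error' => 'not authenticated'), 401);
            return;
        }

        $action = $this->input->post('action', TRUE);
        if (!isset($this->actions[$action])) {
            show_404();
            return;
        }
        $handler = $this->actions[$action];
        $this->$handler($user_id);
    }

    private function _do_update_email($user_id)
    {
        $email = $this->input->post('email', TRUE);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $this->_json(array('error' => 'invalid email'), 400);
            return;
        }
        // 'users' model and its set_email() method are assumed for this example.
        $this->load->model('users');
        $this->users->set_email($user_id, $email);
        $this->_json(array('ok' => TRUE));
    }

    private function _do_delete_session($user_id)
    {
        $this->session->sess_destroy();
        $this->_json(array('ok' => TRUE));
    }

    // Small JSON responder so every AJAX reply has a consistent shape.
    private function _json($payload, $status = 200)
    {
        $this->output
            ->set_status_header($status)
            ->set_content_type('application/json')
            ->set_output(json_encode($payload));
    }
}
```

Two caveats worth keeping in mind when adopting this pattern. First, making a method private only decides whether the router can reach it; the replay concern in the question is addressed by the session check above plus CodeIgniter's built-in CSRF protection (`$config['csrf_protection'] = TRUE;` in `application/config/config.php`), which ties each POST to a token the browser will not send on a forged cross-site request. Second, the `action` allow-list matters: dispatching on an unfiltered method name would let a request name any method on the controller, which is exactly the exposure the private-method design is meant to avoid.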