What is the Security class in CodeIgniter 4?
Why Interviewers Ask This
Foundational questions like this help interviewers calibrate the rest of the interview. A confident, accurate answer signals that you have solid CodeIgniter basics — a prerequisite for any developer role.
Answer
The Security class in CodeIgniter 4 handles various security features. Get it: $security = service("security"). CSRF: generates and validates CSRF tokens for form protection (csrf_token(), csrf_hash(), csrf_field() helpers). XSS filtering: $security->sanitizeFilename($filename) cleans filenames for safe use. Input sanitization: use $request->getVar("field", FILTER_SANITIZE_STRING) or PHP's filter functions. The esc($value, "html") function (or its alias h()) escapes output for HTML — use it in views instead of xss_clean(). Configure CSRF options in app/Config/Security.php: token name, cookie settings, regeneration policy, and which routes to exclude. Always escape output at display time rather than sanitizing at input time.
Common Mistake
A common mistake is memorizing definitions without understanding implications. When asked this question, go one level deeper — explain what happens when this concept is misused or ignored.
Previous
What is the difference between CodeIgniter 3 and CodeIgniter 4?
Next
What are Migrations in CodeIgniter 4?