Yii Framework Forum: Esapi - Security Api - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Esapi - Security Api

#1 User is offline   micz 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 05-June 09

Posted 03 December 2012 - 09:00 AM

I do not know if you know this project Enterprise Security API, it is special project to increase security of the web.

Here is php implementation:

http://code.google.c...wasp-esapi-php/

Maybe it would be good idea to use it in core of Yii 2.0?
0

#2 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,467
  • Joined: 17-January 09
  • Location:Russia

Posted 06 December 2012 - 12:36 PM

I think we have pretty solid security layer in 1.1. Still, it worth checking. Thanks.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#3 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,467
  • Joined: 17-January 09
  • Location:Russia

Posted 07 December 2012 - 03:58 PM

http://blog.kotowicz...s-and-csrf.html
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#4 User is offline   ekerazha 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 525
  • Joined: 10-October 08
  • Location:European Union

Posted 09 December 2012 - 04:01 PM

View Postsamdark, on 06 December 2012 - 12:36 PM, said:

I think we have pretty solid security layer in 1.1. Still, it worth checking. Thanks.


I agree, however CSecurityManager should be revamped http://www.yiiframew...ecuritymanager/
Yii user #37
0

#5 User is offline   micz 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 31
  • Joined: 05-June 09

Posted 10 December 2012 - 11:29 AM

This project was pointed out by Security Engineer from my current company. If you think it is not worth to be added to Yii 2.0, that's fine you are core devs here :)
0

#6 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 3,467
  • Joined: 17-January 09
  • Location:Russia

Posted 10 December 2012 - 06:06 PM

micz
Check my link. What I think is that we should never trust any code w/o actually checking it for security issues. Well, except when you don't care :)
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users