Security in yii2

dear all,

i have question from one of my clients about security in yii2, they have complaint about folder permission 777 in asset and runtime folder and denied to implement those settings

therefore, our project has been delayed due security reason

they demand explanation from official yii team about those configuration

can you help me out?

hi there,

Well yii does not require 777 permissions for assets and runtime it requires write permissions for assets and runtime dir. As for runtime directory that does not even have to be public, also same for the assets you can build your assets and move to public dir. It is not even yii related in general it depends how you deploy your app it could be a (php, laravel, java, c#) app.

hope that helps.

As alrazi explained, Yii doesn’t require 777 but write permissions for the PHP process.

thank All four your answer :)

Hello, this is a few days old, but id like to ask you a question:

What does this mean? I have them set to 775. Are you saying I can set them to 770? Or are you saying you can put them somewhere else? We are deploying the whole application to the server using code deploy, is this not the best method?

It all depends on permissions of your code that deploys.

What is the preferred and more secure set up? I asked a similar question in my other post: (reply there I guess) http://www.yiiframework.com/forum/index.php/topic/76051-unsure-about-advanced-wwwadmin/page__view__findpost__p__314196