Update: This wiki has been rewritten to be in line with Yii 1.1.14. Since many of the detailed complexities are now handled by Yii, the article focuses on how the crypt() built-in function works and why it's important to use it correctly.
I've seen many tickets regarding how to show friendly delete confirmation using CGridView's CButtonColumn in ajax request. If you are using relational database, after producing CRUD functionality when you try to delete a record in ajax mode which has child record it can't be deleted and you can see the ajax loader forever. By this way you can't show the users if a record has been successfully deleted or if there are some problem in flash style (setFlash() / getFlash())
This article is called extended guide is because there is already a security guide in the Yii tutorial security section. but that guide is not complete in the sense that it does not rise the developers' attention to some other commonly happening attacks: SQL injection and magic URL, which can be major vulnerabilities in your application without much caring.
The customary configuration of a Yii application includes just a single database section in the protected/config/main.php file, but it's easy to extend this to support more than one, tying each Model to one of the databases.