Difference between #9 and #11 of
How to write secure Yii applications

Revision #11 has been created by Boaz on Aug 30, 2012, 10:47:43 AM with the memo:

small typo


Title unchanged: How to write secure Yii applications

Tags unchanged: security, authorization, authentication, XSS, SQL injection

Content changed:

Regarding security, the benefit is that the application, not the user, generates the HTML, so the risk of XSS is low. Keep in mind that Markdown syntax allows inline HTML, so when the source text comes from users, set the `purifyOutput` property of CMarkdown to true; it then runs the generated HTML through CHtmlPurifier.

##### To go further:

* [HTML Purifier's doc](http://htmlpurifier.org/docs). The end-user documentation contains a few thematic tutorials, like ["Customize"](http://htmlpurifier.org/docs/enduser-customize.html). The [Configuration Reference](http://htmlpurifier.org/live/configdoc/plain.html) lists all the options you can use with [CHtmlPurifier](http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier), but it lacks examples.
* [CMarkdown](http://www.yiiframework.com/doc/api/1.1/CMarkdown/)
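The two render paths for user-submitted Markdown, as an added example (not code from the original article or from Yii itself). It assumes a Yii 1.1 application, and `$body` stands in for an untrusted text field; its value is constructed for the demonstration. The `HTML.Allowed` and `URI.AllowedSchemes` keys are HTML Purifier configuration options from the Configuration Reference linked above.

```php
<?php
// Added example, not from the original article. $body plays the role of a
// field a user submitted; the value is constructed for the demonstration.
$body = "Hello *world*\n\n<script>alert(document.cookie)</script>";

// Markdown permits inline HTML, so a plain transform copies the <script>
// element straight into the generated HTML.
$md = new CMarkdown;
$raw = $md->transform($body);

// With purifyOutput enabled, CMarkdown feeds the generated HTML through
// CHtmlPurifier and the <script> element is removed. Use this path for
// anything a user wrote.
$md->purifyOutput = true;
$safe = $md->transform($body);

// The same setting when CMarkdown is used as a filter widget in a view
// ($post->body is an assumed model attribute):
// $this->beginWidget('CMarkdown', array('purifyOutput' => true));
// echo $post->body;
// $this->endWidget();

// For user content that is already HTML (no Markdown step), call the
// purifier directly and restrict the allowed vocabulary with HTML Purifier
// options; anything outside the whitelist is stripped.
$purifier = new CHtmlPurifier;
$purifier->options = array(
    'HTML.Allowed'       => 'p,b,i,em,strong,a[href],ul,ol,li',
    'URI.AllowedSchemes' => array('http' => true, 'https' => true),
);
$clean = $purifier->purify($body);
```

`$raw` still contains the script element; `$safe` and `$clean` do not. Purification costs noticeably more than a plain transform, so for content that is rendered often it is worth purifying once on save and storing the result rather than purifying on every page view.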
In the following lists, the first choices are the easiest to secure, but that does not mean the last items are insecure.

* When results are models, choose the first element of the list that matches your needs:
1. [CActiveRecord::findByPk()] or [CActiveRecord::findAllByPk()]
2. [CActiveRecord::findByAttributes()] or [CActiveRecord::findAllByAttributes()]
3. `X::model()->find($criteria, array(':param1' => $value1))` or `->findAll(...)`
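The three finders from the list above used from a controller, as an added example (not code from the original article). It assumes a Yii 1.1 `Post` ActiveRecord model with columns `id`, `author_id`, `status` and `title`; the model, column and action names are illustrative. In every case the user-controlled value only ever reaches the database as a bound parameter; the commented-out string-built query at the end is the form the list steers you away from.

```php
<?php
// Added example, not from the original article. Assumes a Yii 1.1 "Post"
// ActiveRecord model with columns id, author_id, status and title (all
// illustrative names).
class PostController extends CController
{
    // 1. Primary-key lookup: the value is bound by the framework, never
    //    pasted into the SQL text.
    public function actionView($id)
    {
        $post = Post::model()->findByPk((int) $id);
        if ($post === null) {
            throw new CHttpException(404, 'Post not found.');
        }
        $this->render('view', array('post' => $post));
    }

    // 2. Attribute lookup: the column names are fixed in code, the values
    //    are bound. A user cannot add columns or conditions here.
    public function actionByAuthor($authorId)
    {
        $posts = Post::model()->findAllByAttributes(array(
            'author_id' => $authorId,
            'status'    => 'published',
        ));
        $this->render('list', array('posts' => $posts));
    }

    // 3. Free-form condition: user input goes into bound parameters only.
    public function actionSearch($q)
    {
        $criteria = new CDbCriteria;
        // addSearchCondition() binds the keyword as a parameter and, by
        // default, escapes the LIKE wildcards % and _ so the user cannot
        // widen the match beyond what they typed.
        $criteria->addSearchCondition('title', $q);
        // compare() also binds its value.
        $criteria->compare('status', 'published');
        $criteria->order = 'id DESC';
        $posts = Post::model()->findAll($criteria);

        // Equivalent explicit form: condition string plus bound parameters.
        // Post::model()->findAll('title LIKE :q AND status = :status',
        //     array(':q' => '%' . $q . '%', ':status' => 'published'));

        // NOT this: $q becomes part of the SQL text and can inject.
        // Post::model()->findAll("title LIKE '%" . $q . "%'");

        $this->render('list', array('posts' => $posts));
    }
}
```

Rule of thumb visible in the three actions: column names and operators live in the code, values live in the parameter array. If you find yourself concatenating a request value into the first argument of `find()` or `findAll()`, move it into the second argument as a named parameter.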
Version: 1.1
Category: How-tos
Written by: François Gannaz
Last updated by: François Gannaz
Created on: Nov 22, 2011