Difference between #9 and #11 of
How to write secure Yii1 applications

Revision #11 has been created by Boaz on Aug 30, 2012, 10:47:43 AM with the memo:

small typo

Changes

Title unchanged

How to write secure Yii applications

Category unchanged

How-tos

Yii version unchanged

Tags unchanged

security, authorization, authentication, XSS, SQL injection

Content changed

[...]
Regarding security, the benefit is that the application, not the user, produces the HTML, so the risk
of XSS is low. Keep in mind that Markdown lets raw HTML through unchanged, so either set `purifyOutput`
on CMarkdown or run the result through CHtmlPurifier before echoing it.

##### To go further:

* [HTML Purifier's doc](http://htmlpurifier.org/docs). The end-user documentation contains a few thematic tutorials, like ["Customize"](http://htmlpurifier.org/docs/enduser-customize.html). The [Configuration Reference](http://htmlpurifier.org/live/configdoc/plain.html) lists all the options you can use with [CHtmlPurifier](http://www.yiiframework.com/doc/api/1.1/CHtmlPurifier), but it lacks examples.
* [CMarkdown](http://www.yiiframework.com/doc/api/1.1/CMarkdown/)
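Since the Configuration Reference lacks examples, here is one. It is an added example, not code from the original article or from the Yii project: it runs untrusted HTML through CHtmlPurifier with an explicit whitelist, and untrusted Markdown through CMarkdown with `purifyOutput` enabled. It assumes a standard Yii 1.1 application; `$userHtml` and `$userMarkdown` are constructed sample inputs standing in for user-submitted content.

```php
<?php
// Added example, not part of the original article. Assumes a Yii 1.1
// application context (Yii::app() available, HTML Purifier bundled with Yii).

// Constructed sample inputs that mix legitimate markup with XSS attempts.
$userHtml = '<p>Hello <b>world</b></p>'
    . '<a href="javascript:alert(1)">click</a>'
    . '<img src="x" onerror="alert(1)">'
    . '<script>alert(document.cookie)</script>';

$userMarkdown = "Some *emphasis* and a [link](http://example.com)\n\n"
    . "<script>alert(1)</script>\n";

// 1. HTML through CHtmlPurifier. The 'options' array is handed to
//    HTMLPurifier_Config, so any directive from the Configuration Reference
//    (Namespace.Directive => value) works here. Start from a whitelist.
$purifier = new CHtmlPurifier;
$purifier->options = array(
    // Only these elements and attributes survive; everything else is stripped.
    'HTML.Allowed'       => 'p,b,i,em,strong,a[href],ul,ol,li,br',
    // Only these URI schemes are accepted in href; javascript: is rejected.
    'URI.AllowedSchemes' => array('http' => true, 'https' => true, 'mailto' => true),
    // Force rel="nofollow" on outgoing links.
    'HTML.Nofollow'      => true,
);
$safeHtml = $purifier->purify($userHtml);
// $safeHtml keeps <p>Hello <b>world</b></p>; the javascript: href, the <img>
// with its onerror handler and the <script> block (with its contents) are gone.

// 2. Markdown through CMarkdown. The Markdown parser passes raw HTML through
//    unchanged, so purifyOutput must be enabled. processOutput() converts,
//    purifies (via CHtmlPurifier) and echoes; transform() alone does NOT purify.
$markdown = new CMarkdown;
$markdown->purifyOutput = true;
$markdown->processOutput($userMarkdown);

// In a view, the same thing written as a filter widget around the text:
//   $this->beginWidget('CMarkdown', array('purifyOutput' => true));
//   echo $userMarkdown;
//   $this->endWidget();

// 3. Output rule of thumb: purified strings are already HTML and are echoed
//    as-is; anything that was NOT purified is encoded instead.
echo $safeHtml;
echo CHtml::encode($userHtml);   // tags shown as text, nothing executes
```

The whitelist in `HTML.Allowed` is the important part: the default HTML Purifier configuration already blocks scripts and event handlers, but stating the allowed elements explicitly keeps the output predictable when the library is upgraded.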
[...]
In the following lists, the first choices are the easiest to secure,
but that doesn't mean the last items are insecure.

* When the results are models, choose the first method in the list that matches your needs:
1. [CActiveRecord::findByPk()] or [CActiveRecord::findAllByPk()]
2. [CActiveRecord::findByAttributes()] or [CActiveRecord::findAllByAttributes()]
3. `X::model()->find($criteria, array(':param1' => $value1))` or `->findAll(...)`
[...]
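The three choices above, side by side with the pattern they replace, as an added example that is not code from the original article or from the Yii project. It assumes a hypothetical CActiveRecord model `User` over a `user` table with columns `id`, `email`, `status` and `created`; the action parameters come from `$_GET` and are untrusted.

```php
<?php
// Added example, not part of the original article. Assumes a hypothetical
// `User` model (CActiveRecord) with columns id, email, status, created, and
// Yii 1.1 action-parameter binding from $_GET.

class UserController extends CController
{
    // UNSAFE (the "before"): $id is concatenated into the SQL condition.
    // ?id=1%20OR%201%3D1 returns an arbitrary row; a quoted payload is a
    // classic SQL injection. Shown only as the pattern to avoid.
    public function actionUnsafe()
    {
        $id = $_GET['id'];
        $user = User::model()->find("id = $id");
        $this->render('view', array('user' => $user));
    }

    // 1. Primary key lookup: the value is bound as a parameter by Yii.
    //    The optional condition/params pair is bound the same way.
    public function actionView($id)
    {
        $user = User::model()->findByPk((int) $id, 'status = :status',
            array(':status' => 1));
        if ($user === null) {
            throw new CHttpException(404, 'User not found.');
        }
        $this->render('view', array('user' => $user));
    }

    // 2. Lookup by column values: every attribute becomes a bound parameter,
    //    so $email can contain quotes without changing the query.
    public function actionByEmail($email)
    {
        $user = User::model()->findByAttributes(array('email' => $email));
        if ($user === null) {
            throw new CHttpException(404, 'User not found.');
        }
        $this->render('view', array('user' => $user));
    }

    // 3. Arbitrary condition with named placeholders: values go into the
    //    $params array, never into the SQL string itself.
    public function actionRecent($status, $since)
    {
        $users = User::model()->findAll(
            'status = :status AND created > :since',
            array(':status' => (int) $status, ':since' => $since)
        );
        $this->render('list', array('users' => $users));
    }

    // Same as 3 with CDbCriteria. compare() generates its own :ycpN
    // parameters and, with $partialMatch = true, builds a LIKE whose
    // % and _ wildcards in the user value are escaped.
    public function actionSearch($q)
    {
        $criteria = new CDbCriteria;
        $criteria->compare('email', $q, true);   // email LIKE :ycp0
        $criteria->compare('status', 1);         // status = :ycp1
        $users = User::model()->findAll($criteria);
        $this->render('list', array('users' => $users));
    }
}
```

The cast to `(int)` in `actionView` and `actionRecent` is defence in depth, not the protection itself: parameter binding already keeps the value out of the SQL text, but rejecting non-numeric input early also produces a cleaner 404 than a silently empty result.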
Version: 1.1
Category: How-tos
Written by: François Gannaz
Last updated by: François Gannaz
Created on: Nov 22, 2011
Last updated: 2 years ago