I installed phpseclib because I needed to do some AES encryption in my project. After all the hassle of installing php lib, I found out that Yii already has a security module (securityManager). I finally decided to keep using phpseclib because it has one big advantage over Yii securityManager module, it does...
When talking about cookie-base login the Yii guide indicates the following:
In this article I will show you how to slightly increase application security, by exploiting the fact that Yii implements the Front Controller Pattern.
Suppose a hacker has an account of your website He could set the PHPSESSID to empty After of that He login in your system The PHPSESSID remains blank and user has already logged with this session
CSRF é o acrônimo para Cross-site request forgery.
CSRF é um ataque que forca o usuário a executar ações não desejadas numa aplicação Web na qual ele está autenticado.
PHPIDS é conhecido projeto que pode ser visto em php-ids.org.