Wiki articles tagged with "security"

Showing 21-24 of 24 items.

Use crypt() for password storage

Created 8 years ago by fsb, updated 6 years ago by fsb.

Update: This wiki has been rewritten to be in line with Yii 1.1.14. Since many of the detailed complexities are now handled by Yii, the article focuses on how the crypt() built-in function works and why it's important to use it correctly.

15 0
Viewed: 126 304 times
Version: 1.1
Category: Tutorials

Authenticating against phpass hashes with Yii

Created 9 years ago by Da:Sourcerer, updated 7 years ago by Da:Sourcerer.
  • iteration_count_log2 controls the number of iterations for key stretching. A setting of 8 means the hash algorithm will be applied 2^8 = 256 times. This setting should be kept between 4 and 31.
  • portable_hashes controls whether portable hashes should be used or not. Portable hashes are salted MD5 hashes prefixed by $P$.
22 0
Viewed: 35 672 times
Version: 1.1
Category: How-tos

Getting to Understand Hierarchical RBAC Scheme

Created 10 years ago by daemons, updated 6 years ago by rAWTAZ.

Authentication and Authorization is a good tutorial. Among other topics, it describes basic aspects of Yii's RBAC implementation. But however hard I read the tutorial, I couldn't understand how exactly the hierarchy works. I found how to define authorization hierarchy, how business rules are evaluated, how to configure a...

47 0
Viewed: 117 090 times
Version: 1.1
Category: Tutorials

How to write secure Yii1 applications

Created 9 years ago by Fran├žois Gannaz, updated 2 months ago by Fran├žois Gannaz.
  • Validate the user input (see below for details).
  • Protect (escape) your application output according to context (see below for a few output types, mostly HTML and SQL).
  • Test your application in debug mode.
    Set the constant YII_DEBUG to true (by default, it is defined in index.php) and put alongside error_reporting(E_ALL);. Then errors and warnings will stop the execution an...
80 0
Viewed: 289 647 times
Version: 1.1
Category: How-tos