Wiki articles tagged with "security"

Showing 21-24 of 24 items.

Use crypt() for password storage

Created 12 years ago by fsb, updated 10 years ago by fsb.
16 comments

Update: This wiki has been rewritten to be in line with Yii 1.1.14. Since many of the detailed complexities are now handled by Yii, the article focuses on how the crypt() built-in function works and why it's important to use it correctly.

15 0
20 followers
Viewed: 181 480 times
Version: 1.1
Category: Tutorials
Tags: authentication, hash, hashing, password, security

Checking for "expired" sessions/logins on the client side

Created 12 years ago by le_top, updated 10 years ago by le_top.
0 comments

Getting "Expired token" errors ? Here is a solution to avoid invalid CSRF on POST or ajax requests, or user identity changes.

4 0
12 followers
Viewed: 40 097 times
Version: 1.1
Category: How-tos
Tags: allowAutoLogin, Cache-Control, cookie, CSRF, login, security, session, user auth, UserIdentity

Single PHP entry point with Nginx

Created 10 years ago by MadAnd, updated 10 years ago by MadAnd.
1 comment

In this article I will show you how to slightly increase application security, by exploiting the fact that Yii implements the Front Controller Pattern.

4 0
3 followers
Viewed: 19 796 times
Version: all
Category: How-tos
Tags: front controller, nginx, php, security, Yii

How to write secure Yii1 applications

Created 13 years ago by François Gannaz, updated 4 years ago by François Gannaz.
22 comments
  • Validate the user input (see below for details).
  • Protect (escape) your application output according to context (see below for a few output types, mostly HTML and SQL).
  • Test your application in debug mode.
    Set the constant YII_DEBUG to true (by default, it is defined in index.php) and put alongside error_reporting(E_ALL);. Then errors and warnings will stop the execution an...
80 0
114 followers
Viewed: 319 517 times
Version: 1.1
Category: How-tos
Tags: authentication, authorization, security, SQL injection, XSS