The Definitive Guide to Yii 2.0

This tutorial is released under the Terms of Yii Documentation.

2014 (c) Yii Software LLC.

Introduction
- About Yii
- Upgrading from Version 1.1
Getting Started
Application Structure
Handling Requests
Key Concepts
Working with Databases
Getting Data from Users
Displaying Data
Security
Caching
RESTful Web Services
Development Tools
Testing
Special Topics
Widgets
Helpers

Details: Parent Category: The Definitive Guide to Yii 2.0; Category: Security

Working with Passwords

Most developers know that passwords cannot be stored in plain text, but many developers believe it's still safe to hash passwords using md5 or sha1. There was a time when using the aforementioned hashing algorithms was sufficient, but modern hardware makes it possible to reverse such hashes and even stronger ones very quickly using brute force attacks.

Authorization

Authorization is the process of verifying that a user has enough permission to do something. Yii provides two authorization methods: Access Control Filter (ACF) and Role-Based Access Control (RBAC).

Authentication

Authentication is the process of verifying the identity of a user. It usually uses an identifier (e.g. a username or an email address) and a secret token (e.g. a password or an access token) to judge if the user is the one whom he claims as. Authentication is the basis of the login feature.

Security

Good security is vital to the health and success of any application. Unfortunately, many developers cut corners when it comes to security, either due to a lack of understanding or because implementation is too much of a hurdle. To make your Yii powered application as secure as possible, Yii has included several excellent and easy to use security features.

Theming

Theming is a way to replace a set of views with another without the need of touching the original view rendering code. You can use theming to systematically change the look and feel of an application.

To use theming, you should configure the [[yii\base\View::theme|theme]] property of the view application component. The property configures a [[yii\base\Theme]] object which governs how view files are being replaced. You should mainly specify the following properties of [[yii\base\Theme]]:

Working with Client Scripts

Modern web applications, additionally to static HTML pages that are rendered and sent to the browser, contain JavaScript that is used to modify the page in the browser by manipulating existing elements or loading new content via AJAX. This section describes methods provided by Yii for adding JavaScript and CSS to a website as well as dynamically adjusting these.