Monday, October 31, 2011

Security Standards of Yii Framework

One of Yii's strengths is that it ships with standard protections against many common types of attack. The security standards of the Yii Framework include:

1. Cross Site Scripting prevention
Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. Attackers inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool other users of the application and collect data from them. Yii bundles HTMLPurifier and provides the CHtmlPurifier component, which wraps it. This component can remove all malicious code using a thoroughly audited, secure yet permissive whitelist, and it ensures that the filtered content is standards-compliant.

2. Prevention of Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) attacks occur when a malicious web site causes a user's web browser to perform an unwanted action on a trusted site. Yii implements a CSRF prevention scheme to help defeat POST-based attacks. It is based on storing a random value in a cookie and comparing this value with the value submitted via the POST request.

3. Cookie Attack Prevention
Protecting cookies from attack is very important, as session IDs are commonly stored in cookies. Yii implements a cookie validation scheme that prevents cookies from being modified.
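
The two checks described in sections 2 and 3 can be sketched in plain PHP. This is an added example, not code from the original post or from Yii itself; the function names, the `CSRF_TOKEN` field name, the HMAC-SHA256 construction and the sample key are assumptions made for illustration.

```php
<?php
// Added illustration, not Yii source code. All names here are hypothetical.

// Constructed sample key; a real application loads a long random secret.
const VALIDATION_KEY = 'constructed-sample-key-do-not-reuse';

// Section 3: prepend an HMAC so any modification of the cookie is detectable.
function signCookie(string $value, string $key = VALIDATION_KEY): string
{
    return hash_hmac('sha256', $value, $key) . $value;
}

// Returns the original value, or null if the cookie was modified.
function validateCookie(string $cookie, string $key = VALIDATION_KEY): ?string
{
    $macLen = 64; // hex length of an HMAC-SHA256 digest
    if (strlen($cookie) < $macLen) {
        return null;
    }
    $mac   = substr($cookie, 0, $macLen);
    $value = substr($cookie, $macLen);
    // hash_equals() compares in constant time to avoid leaking the MAC.
    return hash_equals(hash_hmac('sha256', $value, $key), $mac) ? $value : null;
}

// Section 2: the random value in the cookie must equal the one sent via POST.
function csrfTokenMatches(array $cookies, array $post, string $name = 'CSRF_TOKEN'): bool
{
    if (!isset($cookies[$name], $post[$name])
        || !is_string($cookies[$name]) || !is_string($post[$name])
        || $cookies[$name] === '') {
        return false; // a missing or empty token never validates
    }
    return hash_equals($cookies[$name], $post[$name]);
}

// Constructed sample requests.
$token = bin2hex(random_bytes(16));
var_dump(csrfTokenMatches(['CSRF_TOKEN' => $token], ['CSRF_TOKEN' => $token])); // same-site form post
var_dump(csrfTokenMatches(['CSRF_TOKEN' => $token], []));                       // POST without the token

$signed = signCookie('user=alice');
var_dump(validateCookie($signed));                                  // untouched cookie
var_dump(validateCookie(substr($signed, 0, 64) . 'user=admin'));    // value changed, MAC not recomputed
```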
