php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-26 14:26:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #11367: mentioned securing connection with TLS in security best practices

Browse Source
This commit is contained in:
Alexander Makarov
2016-04-30 17:35:55 +03:00
parent 0a10d6e265
commit 752d537998
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/guide/security-best-practices.md
View File

@ -170,3 +170,17 @@ simply rewrite code with what's generated by Gii.
Debug toolbar should be avoided at production unless really necessary. It exposes all the application and config Debug toolbar should be avoided at production unless really necessary. It exposes all the application and config
details possible. If you absolutely need it check twice that access is properly restricted to your IP only. details possible. If you absolutely need it check twice that access is properly restricted to your IP only.
Using secure connection over TLS
--------------------------------
Yii provides features that rely on cookies and/or PHP sessions. These can be vulnerable in case your connection is
compromised. The vulnerability is reduced if the app uses secure connection via TLS.
Please refer to your webserver documentation for instructions on how to configure it. You may also check example configs
provided by H5BP project:
- [Nginx](https://github.com/h5bp/server-configs-nginx)
- [Apache](https://github.com/h5bp/server-configs-apache).
- [IIS](https://github.com/h5bp/server-configs-iis).
- [Lighttpd](https://github.com/h5bp/server-configs-lighttpd).