php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-10-31 18:47:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
20,477 Commits 10 Branches 79 Tags
Commit Graph

44 Commits

Author SHA1 Message Date
Sonia Zorba
2995696db9 Added section about Unsafe Reflection in Security best practices doc (#19948) 
Co-authored-by: Bizley <pawel.bizley@gmail.com>
 2023-09-19 10:24:11 +02:00
Ihor Sychevskyi
b520f57c4e Update protocol links (#19658) 2022-11-06 11:26:43 +04:00
Andrew Dawes
7c26670f4d Fixed several typos and grammar errors (#19639) 2022-10-22 15:35:53 +02:00
Bizley
161526cd41 HTTPS everywhere (#19503) 2022-08-03 12:32:18 +03:00
Ihor Sychevskyi
9bcc8c8e83 update links (en) (#19222) 
Co-authored-by: Bizley <pawel@positive.codes>
 2022-02-12 17:43:48 +01:00
Alexey Rogachev
717a883d58 Fix #19042: Fix broken link (https://owasp.org/index.php/Top_10_2007-Information_Leakage) (#19043) 2021-11-23 21:32:17 +03:00
Ihor Sychevskyi
7d789bd0a6 update Exception Handling link (#19035) 2021-11-22 08:25:26 +01:00
Ihor Sychevskyi
e00b6d607d update SameSite link (#19029) 2021-11-19 10:21:33 +01:00
Ihor Sychevskyi
ac454a90d1 update csrf link (#19023) 2021-11-16 08:39:47 +01:00
Ihor Sychevskyi
8585ba3a18 update SQL Injection link (#19015) 2021-11-12 09:36:01 +01:00
Ihor Sychevskyi
db8de0e57f update Cross Site Scripting link (#19002) 2021-11-08 09:05:50 +01:00
Ihor Sychevskyi
1a571f2c4b update code Injection link (#18999) 2021-11-04 08:48:33 +01:00
Ihor Sychevskyi
817f956013 update Command Injection link (#18989) 2021-10-31 09:10:32 +01:00
Ihor Sychevskyi
577b68b7d5 update Data Validation link (#18980) 2021-10-28 08:01:26 +02:00
Alexander Makarov
6b1750d35f Add note about updating cacert.pem 2021-03-03 15:48:49 +03:00
Alexander Makarov
daafa44d57 Add "Configuring SSL peer validation" to security best practices guide 2021-03-03 03:21:50 +03:00
Nobuo Kihara
4a9c82f9ab Fix typos in documentation, update Japanese translation (#17551) [skip ci] 2019-09-09 17:06:25 +03:00
rhertogh
1ed6ec1e5c Fixes #17353: Added sameSite support for yii\web\Cookie and yii\web\Session::cookieParams 2019-06-11 00:33:36 +03:00
Maxim Tugaev
31d3850a13 Fix typos in docs (#17084) [skip ci] 2019-01-30 01:06:13 +03:00
Carsten Brandt
bbdb3ee722 update CSRF docs 2018-10-05 11:14:04 +02:00
paresh27
96a0372ec1 Update security-best-practices.md (#16036) [skip ci] 2018-04-04 16:14:42 +03:00
Angel Guevara
519753d868 Added missing parts of disabling CSRF validation doc [skip ci] (#13966) 2017-04-12 01:55:13 +03:00
Alexey Rogachev
9445e5508b Fixes #10675: Added docs for disabling CSRF validation in standalone actions 2017-04-11 02:05:36 +03:00
Carsten Brandt
5727699445 Aadded OWASP references to security guide (#13667) [skip ci] 
Currently security guide is very thrifty with information on what a topic is about. So for beginners it is not clear why something like CSRF or XSS protection is even needed.

I added a few reference links to allow reading about more background behind the topics.
 2017-02-27 11:31:04 +03:00
Robert Korulczyk
35998449eb Add yii\filters\HostControl::$fallbackHostInfo (#13117) 2016-12-03 08:25:39 +02:00
Klimov Paul
7da77c3d5a created HostControl filter to prevent Host header attacks 
fixes #13050
close #13063
 2016-12-01 00:59:26 +01:00
Carsten Brandt
a498dedb5c Added documentation about Host header attack (#13073) 
* Added documentation about Host header attack

Added info about Host header attack (#13050) to the guide and the Request class.
When we introduce a filter or property to protect against this, these
sections should be updated to link to that option.
 2016-11-26 21:57:52 +01:00
Alexey Rogachev
f4e54a1b5a Fixed typo in get parameter in docs [skip ci] (#13066) 2016-11-24 11:52:44 +03:00
SilverFire - Dmitry Naumenko
685f16e8ef 📖 Updated guide pages - wrap true, false, null 2016-09-20 10:49:15 +03:00
Dmitriy Makarov
383de6f051 📖 Fix typo [skip ci] 2016-08-25 08:23:11 +03:00
Alexander Makarov
63cac32fbc Cleaned up security guide 2016-05-01 00:19:55 +03:00
Alexander Makarov
9a842d25e5 Better docs wording as suggested in 752d537998f71a568a035a3ac69e69f2c4a8f22b 2016-04-30 19:18:59 +03:00
Alexander Makarov
752d537998 Fixes #11367: mentioned securing connection with TLS in security best practices 2016-04-30 17:35:55 +03:00
Dmitry Naumenko
9f1a0aed3d Text style fixes 2015-05-12 11:36:25 +03:00
Dmitry Naumenko
65048c87ed Updated guide/security-best-practices 
A little bit more information about the CSRF
 2015-05-12 11:05:34 +03:00
Nobuo Kihara
82036a9841 docs/guide/security-best-practices.md - small fix [ci skip] 2015-02-21 17:31:47 +09:00
Alexander Makarov
c8e56d178b Added intro to CSRF to security-best-practices 2015-02-19 22:44:57 +03:00
alejandrochen
f8971c7644 Update security-best-practices.md 
proerly -> properly
 2015-02-11 15:57:01 -03:00
Nobuo Kihara
5549149433 docs/guide/security-best-practices.md - minor fix [ci skip] 2014-12-23 08:26:21 +09:00
Alexander Makarov
37ec930feb Added note on how to deal with filtering column names 2014-12-17 16:32:10 +03:00
Alexander Makarov
874c6331d2 A plan on security guide CSRF section 2014-12-14 23:51:14 +03:00
pana1990
0f0d9020b3 fix mistake small [skip ci] 2014-12-14 18:01:41 +01:00
Alexander Makarov
996856c04c Security best practices guide 2014-12-14 18:34:20 +03:00
Carsten Brandt
d68d8628fa created stub documentation files for TDB sections 
to avoid issues about 404 links in the guide
 2014-10-18 18:58:59 +02:00