Application Security with Yii Framework
Authentication and Authorization

Ilko Kacharov | kachar136@gmail.com
Advantages of the framework
 1.   Very good documentation and many examples
 2.   Yii community is growing rapidly, has many free extensions
 3.   Easy approach to develop modules and components
 4.   Model, Controller, Module code generation tool may be used with custom code templates.
 5.   Abstract(static) component/module access Yii::app()->getComponent('db'); Yii::app()->getModule('ocstats');
 6.   Gives fine-grained control over the code: a 100% OOP framework with push-pull MVC
 7.   Fast, because classes are loaded on demand through autoloading
 8.   Easy configuration in a PHP array; the application may be started with different configs.
 9.   Easy to extend / customize, simple code structure
10.   Yii Authentication API for multi-channel login, easy to extend, SOAP support
11.   User Access Control using different schemes like RBAC, ACL
12.   Web services and console applications can be built as easily as web apps.
13.   Easy form creation and form validation (client and server side), built-in ajax support
14.   Easy to setup database connections and database migrations. Query builder or plain queries
15.   Easy to use CRUD functions (create, read, update, delete): Article::model()->findByPk()
16.   Many ready to use web widgets and tools like menus, action tables, calendars, etc.
17.   Integration with twitter bootstrap css layouts and js widgets (http://yii-booster.clevertech.biz/)
18.   Multiple plain PHP layouts, templates and partial templates.
19.   Automatic javascript/css registering and including in the main layout from anywhere
20.   Friendly with third-party code
21.   Internationalisation and translations module by module in php arrays, string extraction tool
22.   Error handling and logging
Performance

RPS (requests per second) means how many requests an application written in a framework can process per second. APC stands for Alternative PHP Cache, a caching extension that increases application performance (compared with the same measurement taken with the extension turned off).
http://www.yiiframework.com/performance/
Core Application Components
Yii predefines a set of core application components to provide features common among Web applications.
For example, the request component is used to resolve user requests and provide information such as URL, cookies.
By configuring the properties of these core components, we can change the default behaviors of Yii in nearly every aspect.

Below we list the core components that are pre-declared by CWebApplication.

assetManager:         CAssetManager - manages the publishing of private asset files.
authManager:          CAuthManager - manages role-based access control (RBAC).
cache:                CCache - provides data caching functionality.
clientScript:         CClientScript - manages client scripts (javascripts and CSS).
coreMessages:         CPhpMessageSource - provides translated core messages used by Yii framework.
db:                   CDbConnection - provides the database connection.
errorHandler:         CErrorHandler - handles uncaught PHP errors and exceptions.
messages:             CPhpMessageSource - provides translated messages used by the Yii application.
request:              CHttpRequest - provides information related to user requests.
securityManager:      CSecurityManager - provides security-related services, such as hashing, encryption.
session:              CHttpSession - provides session-related functionalities.
statePersister:       CStatePersister - provides global state persistence method.
urlManager:           CUrlManager - provides URL parsing and creation functionality.
user:                 CWebUser - represents the identity information of the current user.
themeManager:         CThemeManager - manages themes.

and others...
Application life cycle
The following diagram shows the static structure of a Yii app:

The following diagram shows a typical workflow of a Yii application when it is handling a user request:

 1. Pre-initializes the application with CApplication::preinit();
 2. Set up class autoloader and error handling;
 3. Register core application components;
 4. Load application configuration;
 5. Initialize the application with CApplication::init()
    - Register application behaviors;
    - Load static application components;
 6. Raise onBeginRequest event;
 7. Process the user request:
    - Resolve the user request;
    - Create controller;
    - Run controller;
 http://www.hooto.com/media/image/view/?id=919&style=full
Authentication




Authentication is the mechanism whereby systems may securely identify their users.

Authentication systems provide answers to the questions:

Who is the user?

Is the user really who he/she claims to be?
Authorization



Authorization verifies that you have the permissions you need to access an object.

It is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.

● Is user X authorized to access resource R?
● Is user X authorized to perform operation P?
● Is user X authorized to perform operation P on resource R?
Access Control Lists




An access control list (ACL) is a list of permissions attached to an object.

An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.
Role-Based Access Control



Role-based access control (RBAC) is an approach to restricting system access to authorized users.

Three primary rules are defined for RBAC:
1. Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.
2. Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
3. Permission authorization: A subject can exercise a permission only if the permission is authorized for the subject's active role.
Role-Based Access Control

When defining an RBAC model, the following conventions are useful:
 ● Subject = A person or automated agent
 ● Role = Job function or title which defines an authority level
 ● Permissions = An approval of a mode of access to a resource
 ● Session = A mapping involving S (subjects), R (roles) and/or P (permissions)
 ● Subject Assignment
 ● Permission Assignment
 ● Partially ordered Role Hierarchy
Steps to secure a Yii Application

1. Defining Identity Class
2. Login and Logout
3. Cookie-based Login
4. Access Control Filter
5. Handling Authorization Result
6. Role-Based Access Control
7. Configuring Authorization Manager
8. Defining Authorization Hierarchy
9. Using Business Rules
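Steps 4 to 9 wired together in Yii 1.1, as an added example that is not from the slides: the authManager configuration, an authorization hierarchy that applies the RBAC rules above (permissions hang off roles, roles are assigned to subjects), a business rule, and a controller that uses the access control filter and then checks the result for the individual object. The Post model, its authorId column and the user ids passed to assign() are assumptions.

```php
<?php
// Added example, not from the slides. Assumed: a Post model with an `authorId`
// column, and the three user ids passed to assign().

// Step 7: configure the authorization manager. Return this array from
// protected/config/main.php; CDbAuthManager keeps items, children and
// assignments in the AuthItem/AuthItemChild/AuthAssignment tables.
$config = array(
    'components' => array(
        'authManager' => array(
            'class'        => 'CDbAuthManager',
            'connectionID' => 'db',
        ),
    ),
);

// Step 8 (and 9): build the hierarchy once, e.g. from a console command.
function buildAuthHierarchy()
{
    $auth = Yii::app()->authManager;
    $auth->clearAll();

    // Operations are the leaf permissions (RBAC rule 3: a subject may exercise
    // a permission only through an authorized active role).
    $auth->createOperation('createPost', 'create a post');
    $auth->createOperation('readPost',   'read a post');
    $auth->createOperation('updatePost', 'update a post');
    $auth->createOperation('deletePost', 'delete a post');

    // Step 9: a business rule. Yii 1.1 evaluates this PHP string during
    // checkAccess() with the caller's $params array in scope.
    $bizRule = 'return Yii::app()->user->id == $params["post"]->authorId;';
    $task = $auth->createTask('updateOwnPost', 'update a post authored by the current user', $bizRule);
    $task->addChild('updatePost');

    // Roles (RBAC rules 1 and 2): a partially ordered hierarchy, admin > author > reader.
    $role = $auth->createRole('reader');
    $role->addChild('readPost');

    $role = $auth->createRole('author');
    $role->addChild('reader');
    $role->addChild('createPost');
    $role->addChild('updateOwnPost');   // authors update only their own posts

    $role = $auth->createRole('admin');
    $role->addChild('author');
    $role->addChild('updatePost');      // admins update any post, no rule attached
    $role->addChild('deletePost');

    // Subject assignment (user ids are assumed values).
    $auth->assign('reader', 'user-id-of-reader');
    $auth->assign('author', 'user-id-of-author');
    $auth->assign('admin',  'user-id-of-admin');
}

// Steps 4 to 6: the access control filter decides per action, the action
// itself decides per object.
class PostController extends CController
{
    public function filters()
    {
        return array('accessControl'); // attaches CAccessControlFilter
    }

    public function accessRules()
    {
        // Evaluated top-down, first matching rule wins; the final deny is the
        // default for anything not explicitly allowed.
        return array(
            array('allow', 'actions' => array('index', 'view'), 'users' => array('*')),
            array('allow', 'actions' => array('create'),        'roles' => array('author')),
            array('allow', 'actions' => array('update'),        'users' => array('@')),
            array('allow', 'actions' => array('delete'),        'roles' => array('admin')),
            array('deny',  'users'   => array('*')),
        );
    }

    public function actionUpdate($id)
    {
        $post = Post::model()->findByPk($id);
        if ($post === null) {
            throw new CHttpException(404, 'The requested post does not exist.');
        }
        // Step 5: handle the authorization result explicitly. The filter above
        // only proved the user is logged in; checkAccess() walks from updatePost
        // up to the user's role and evaluates updateOwnPost's business rule
        // against this $post.
        if (!Yii::app()->user->checkAccess('updatePost', array('post' => $post))) {
            throw new CHttpException(403, 'You are not authorized to update this post.');
        }
        // ... apply the submitted attributes and save the post
    }
}
```

An author reaches actionUpdate through the '@' rule but passes checkAccess() only for posts whose authorId matches; an admin passes for any post because updatePost is a direct child of the admin role.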
Authenticate method in Yii Application



class UserIdentity extends CUserIdentity
{
    private $_id;

    public function authenticate()
    {
        // look the user up by username only; the stored hash never enters the query
        $record=User::model()->findByAttributes(array('username'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        // crypt() reads the algorithm and salt from the stored hash, so one call verifies
        // any crypt-compatible scheme (hash_equals() makes the comparison constant-time on PHP 5.6+)
        else if($record->password!==crypt($this->password,$record->password))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            $this->_id=$record->id;                   // returned by getId(), stored by CWebUser::login()
            $this->setState('title', $record->title); // later available as Yii::app()->user->title
            $this->errorCode=self::ERROR_NONE;
        }
        return !$this->errorCode;
    }

    // CUserIdentity::getId() returns the username by default; return the primary key instead
    public function getId()
    {
        return $this->_id;
    }
}
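Steps 1 to 3 built around the identity class above, as an added example that is not from the slides: a form model that runs UserIdentity::authenticate() as a validator, a login action with a cookie-based "remember me" duration, and logout. LoginForm, SiteController and the site/login route follow the Yii 1.1 skeleton application; the 30-day cookie lifetime is an assumed value.

```php
<?php
// Added example, not from the slides. Uses the UserIdentity class whose
// authenticate() method is shown above; LoginForm/SiteController names follow
// the Yii 1.1 skeleton app, the 30-day cookie lifetime is an assumed value.

// Step 3: cookie-based login is refused by CWebUser::login() unless this is
// enabled in protected/config/main.php (return this array from there).
$config = array(
    'components' => array(
        'user' => array(
            'allowAutoLogin' => true,                // needed for any non-zero login duration
            'loginUrl'       => array('site/login'), // target of loginRequired()
        ),
    ),
);

class LoginForm extends CFormModel
{
    public $username;
    public $password;
    public $rememberMe = false;

    private $_identity;

    public function rules()
    {
        // every attribute listed here is "safe" for the massive assignment below
        return array(
            array('username, password', 'required'),
            array('rememberMe', 'boolean'),
            array('password', 'authenticate'), // inline validator, see below
        );
    }

    // Step 1 in use: UserIdentity::authenticate() runs as a validator, so a
    // failed login surfaces as a form error. One message covers both
    // ERROR_USERNAME_INVALID and ERROR_PASSWORD_INVALID so the form does not
    // reveal which usernames exist.
    public function authenticate($attribute, $params)
    {
        if ($this->hasErrors()) {
            return; // required-field errors already present; skip the DB lookup
        }
        $this->_identity = new UserIdentity($this->username, $this->password);
        if (!$this->_identity->authenticate()) {
            $this->addError('password', 'Incorrect username or password.');
        }
    }

    // Steps 2 and 3: CWebUser::login() stores the identity's id, name and states
    // in the session; with a duration > 0 it also writes the auto-login cookie.
    public function login()
    {
        if ($this->_identity === null) {
            $this->_identity = new UserIdentity($this->username, $this->password);
            $this->_identity->authenticate();
        }
        if ($this->_identity->errorCode !== UserIdentity::ERROR_NONE) {
            return false;
        }
        $duration = $this->rememberMe ? 3600 * 24 * 30 : 0; // 30 days, or session-only
        return Yii::app()->user->login($this->_identity, $duration);
    }
}

class SiteController extends CController
{
    public function actionLogin()
    {
        $model = new LoginForm;
        if (isset($_POST['LoginForm'])) {
            $model->attributes = $_POST['LoginForm']; // massive assignment, safe attributes only
            if ($model->validate() && $model->login()) {
                // returnUrl is the page loginRequired() sent the user away from
                $this->redirect(Yii::app()->user->returnUrl);
            }
        }
        $this->render('login', array('model' => $model));
    }

    public function actionLogout()
    {
        Yii::app()->user->logout(); // destroys the session and the auto-login cookie
        $this->redirect(Yii::app()->homeUrl);
    }
}
```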
API, documentation and community
The Definitive Guide to Yii   http://www.yiiframework.com/doc/guide/

GitHub                        https://github.com/yiisoft/yii/commits/master

Forum                         http://www.yiiframework.com/forum/
                              Total Posts:                   173,083
                              Total Members:                 61,015
                              Active users at time of visit: 320
                              International threads:         20 languages (incl. BG)

IRC Channel                   http://www.yiiframework.com/chat/
                              Active users at time of visit: 90

Yii Books                     http://www.seesawlabs.com/yii-book
                              http://yii.larryullman.com/toc.php
                              http://yiicookbook.org/
                              http://packtlib.packtpub.com/library/9781847199584

IDE integrations              Integrations with code completion, templates, testing and debugging:
                              NetBeans
                              Eclipse
                              PhpStorm
                              NuSphere PhpED
Links



Official website                       http://www.yiiframework.com/

Definitive Guide to Yii En/Ru          http://yiiframework.ru/

Yii API and Class Reference            http://www.yiiframework.com/doc/api/

Extensions Library (over 1k)           http://www.yiiframework.com/extensions/

Yii General Forum (60k users)          http://www.yiiframework.com/forum/

Yii Cheat sheet (quick reference)      http://static.yiiframework.com/files/yii-1.0-cheatsheet.pdf

Yii Related Sites                      http://www.yiiframework.com/wiki/98/yii-related-sites/
References



D.R. Kuhn (1998). "Role Based Access Control on MLS Systems Without Kernel Changes" (PDF). Third ACM Workshop on Role Based Access Control. pp. 25–32.

A.C. O'Connor and R.J. Loomis (December 2010). Economic Analysis of Role-Based Access Control (PDF). Research Triangle Institute.

John Mitchell. "Access Control and Operating System Security".

Michael Clarkson. "Access Control".
License and requirements

Yii is an open source project released under the terms of the BSD License.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
  ●     Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  ●     Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  ●     Neither the name of Yii Software LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.




Requirement:            PHP 5.1.0 or above

Clevertech are currently actively developing the next major version, 2.0. Yii 2.0 will be rebuilt on top of PHP 5.3.0+ and is aimed at becoming a state-of-the-art framework of the new generation of PHP frameworks.
They advise:
"If you have a new project to develop on Yii, do not wait for 2.0 as it will still take considerable time to reach the production quality."

Installation:
Installation of Yii mainly involves the following three steps:
 1.     Download the Yii Framework from yiiframework.com or the GitHub repo (newest)
 2.     Unpack the Yii release file to any directory (e.g. /opt/yii/)
 3.     Link your application with the framework source

More Related Content

What's hot

Thuật Toán BEA (Bond Energy Algorithm)
Thuật Toán BEA (Bond Energy Algorithm) Thuật Toán BEA (Bond Energy Algorithm)
Thuật Toán BEA (Bond Energy Algorithm) Lương Bá Hợp
 
Manajemen Resiko (Tugas RPL)
 Manajemen Resiko (Tugas RPL)  Manajemen Resiko (Tugas RPL)
Manajemen Resiko (Tugas RPL) viiasilviaa
 
Thiết kế hệ thống E-Commerce yêu cầu mở rộng
Thiết kế hệ thống E-Commerce yêu cầu mở rộngThiết kế hệ thống E-Commerce yêu cầu mở rộng
Thiết kế hệ thống E-Commerce yêu cầu mở rộngNguyen Minh Quang
 
Découvrir le RGPD de façon pragmatique
Découvrir le RGPD de façon pragmatiqueDécouvrir le RGPD de façon pragmatique
Découvrir le RGPD de façon pragmatiqueNicolas Wipfli
 
Accelerate Development with NX Build System
Accelerate Development with NX Build SystemAccelerate Development with NX Build System
Accelerate Development with NX Build SystemThien Ly
 
Thuật toán Nhân Bình Phương - demo
Thuật toán Nhân Bình Phương - demoThuật toán Nhân Bình Phương - demo
Thuật toán Nhân Bình Phương - demoCông Thắng Trương
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information SecurityJohnHPazEMCPMPITIL5G
 
Distributed Transaction in Microservice
Distributed Transaction in MicroserviceDistributed Transaction in Microservice
Distributed Transaction in MicroserviceNghia Minh
 
Sgsi vs plan director si
Sgsi vs plan director siSgsi vs plan director si
Sgsi vs plan director siROBERTH CHAVEZ
 
Báo cáo tiểu luận hệ thống tên miền dns - học viện bưu chính viễn thông
Báo cáo tiểu luận   hệ thống tên miền dns - học viện bưu chính viễn thôngBáo cáo tiểu luận   hệ thống tên miền dns - học viện bưu chính viễn thông
Báo cáo tiểu luận hệ thống tên miền dns - học viện bưu chính viễn thônghttps://www.facebook.com/garmentspace
 
Modul 6 manajemen proyek dan pengadaan tik 2012
Modul 6 manajemen proyek dan pengadaan tik 2012Modul 6 manajemen proyek dan pengadaan tik 2012
Modul 6 manajemen proyek dan pengadaan tik 2012Ir. Zakaria, M.M
 
Определяем приоритеты и сроки устранения инцидентов
Определяем приоритеты и сроки устранения инцидентовОпределяем приоритеты и сроки устранения инцидентов
Определяем приоритеты и сроки устранения инцидентовCleverics
 
HAProxy as Egress Controller
HAProxy as Egress ControllerHAProxy as Egress Controller
HAProxy as Egress ControllerJulien Pivotto
 
Dự án quản lý nội dung cho trang báo điện tử
Dự án quản lý nội dung cho trang báo điện tửDự án quản lý nội dung cho trang báo điện tử
Dự án quản lý nội dung cho trang báo điện tửsunflower_micro
 
Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)
Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)
Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)Luc Cao
 
Contoh proposal
Contoh proposalContoh proposal
Contoh proposalYudantop
 
Mô hình hóa Use Case 03
Mô hình hóa Use Case 03Mô hình hóa Use Case 03
Mô hình hóa Use Case 03vanphong20082002
 
Thêm sửa-xóa-combobox - c#
Thêm sửa-xóa-combobox - c#Thêm sửa-xóa-combobox - c#
Thêm sửa-xóa-combobox - c#Văn Dũng
 

What's hot (20)

Thuật Toán BEA (Bond Energy Algorithm)
Thuật Toán BEA (Bond Energy Algorithm) Thuật Toán BEA (Bond Energy Algorithm)
Thuật Toán BEA (Bond Energy Algorithm)
 
Manajemen Resiko (Tugas RPL)
 Manajemen Resiko (Tugas RPL)  Manajemen Resiko (Tugas RPL)
Manajemen Resiko (Tugas RPL)
 
PCI DSS Compliance Readiness
PCI DSS Compliance ReadinessPCI DSS Compliance Readiness
PCI DSS Compliance Readiness
 
Thiết kế hệ thống E-Commerce yêu cầu mở rộng
Thiết kế hệ thống E-Commerce yêu cầu mở rộngThiết kế hệ thống E-Commerce yêu cầu mở rộng
Thiết kế hệ thống E-Commerce yêu cầu mở rộng
 
Découvrir le RGPD de façon pragmatique
Découvrir le RGPD de façon pragmatiqueDécouvrir le RGPD de façon pragmatique
Découvrir le RGPD de façon pragmatique
 
Accelerate Development with NX Build System
Accelerate Development with NX Build SystemAccelerate Development with NX Build System
Accelerate Development with NX Build System
 
Thuật toán Nhân Bình Phương - demo
Thuật toán Nhân Bình Phương - demoThuật toán Nhân Bình Phương - demo
Thuật toán Nhân Bình Phương - demo
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information Security
 
Luận văn: Nghiên cứu công nghệ tìm kiếm (Mã nguồn mở) Lucene
Luận văn: Nghiên cứu công nghệ tìm kiếm (Mã nguồn mở) LuceneLuận văn: Nghiên cứu công nghệ tìm kiếm (Mã nguồn mở) Lucene
Luận văn: Nghiên cứu công nghệ tìm kiếm (Mã nguồn mở) Lucene
 
Distributed Transaction in Microservice
Distributed Transaction in MicroserviceDistributed Transaction in Microservice
Distributed Transaction in Microservice
 
Sgsi vs plan director si
Sgsi vs plan director siSgsi vs plan director si
Sgsi vs plan director si
 
Báo cáo tiểu luận hệ thống tên miền dns - học viện bưu chính viễn thông
Báo cáo tiểu luận   hệ thống tên miền dns - học viện bưu chính viễn thôngBáo cáo tiểu luận   hệ thống tên miền dns - học viện bưu chính viễn thông
Báo cáo tiểu luận hệ thống tên miền dns - học viện bưu chính viễn thông
 
Modul 6 manajemen proyek dan pengadaan tik 2012
Modul 6 manajemen proyek dan pengadaan tik 2012Modul 6 manajemen proyek dan pengadaan tik 2012
Modul 6 manajemen proyek dan pengadaan tik 2012
 
Определяем приоритеты и сроки устранения инцидентов
Определяем приоритеты и сроки устранения инцидентовОпределяем приоритеты и сроки устранения инцидентов
Определяем приоритеты и сроки устранения инцидентов
 
HAProxy as Egress Controller
HAProxy as Egress ControllerHAProxy as Egress Controller
HAProxy as Egress Controller
 
Dự án quản lý nội dung cho trang báo điện tử
Dự án quản lý nội dung cho trang báo điện tửDự án quản lý nội dung cho trang báo điện tử
Dự án quản lý nội dung cho trang báo điện tử
 
Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)
Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)
Báo cáo hàng tuần - Các chuẩn bảo mật web (OWASP)
 
Contoh proposal
Contoh proposalContoh proposal
Contoh proposal
 
Mô hình hóa Use Case 03
Mô hình hóa Use Case 03Mô hình hóa Use Case 03
Mô hình hóa Use Case 03
 
Thêm sửa-xóa-combobox - c#
Thêm sửa-xóa-combobox - c#Thêm sửa-xóa-combobox - c#
Thêm sửa-xóa-combobox - c#
 

Viewers also liked

Introduction to YII framework
Introduction to YII frameworkIntroduction to YII framework
Introduction to YII frameworkNaincy Gupta
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software ConceptsJITENDRA LENKA
 
Collapse of angolan banking system copy
Collapse of angolan banking system copyCollapse of angolan banking system copy
Collapse of angolan banking system copyEduardo Cambinda
 
Network Security July 1
Network Security July 1Network Security July 1
Network Security July 1Jd Mercado
 
Informatics Practices Chapter 2 Open Source Software Concepts Class 12th
 Informatics Practices Chapter 2  Open Source Software Concepts Class 12th Informatics Practices Chapter 2  Open Source Software Concepts Class 12th
Informatics Practices Chapter 2 Open Source Software Concepts Class 12thHarsh Mathur
 
heliodisplay
heliodisplayheliodisplay
heliodisplayRashid VM
 
What's behind facebook
What's behind facebookWhat's behind facebook
What's behind facebookAjen 陳
 
Cybersquatting
CybersquattingCybersquatting
Cybersquattinglizzielith
 
Z force touch screen technology
Z force touch screen technologyZ force touch screen technology
Z force touch screen technologylokesh naidu
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic pptPriya Manik
 
Neonode's zForce Air Technology
Neonode's zForce Air TechnologyNeonode's zForce Air Technology
Neonode's zForce Air TechnologyAshish Kumar
 

Viewers also liked (20)

Introduction to YII framework
Introduction to YII frameworkIntroduction to YII framework
Introduction to YII framework
 
Open Source Software Concepts
Open Source Software ConceptsOpen Source Software Concepts
Open Source Software Concepts
 
Collapse of angolan banking system copy
Collapse of angolan banking system copyCollapse of angolan banking system copy
Collapse of angolan banking system copy
 
Network Security July 1
Network Security July 1Network Security July 1
Network Security July 1
 
Cyberpunk
CyberpunkCyberpunk
Cyberpunk
 
Informatics Practices Chapter 2 Open Source Software Concepts Class 12th
 Informatics Practices Chapter 2  Open Source Software Concepts Class 12th Informatics Practices Chapter 2  Open Source Software Concepts Class 12th
Informatics Practices Chapter 2 Open Source Software Concepts Class 12th
 
CyberPunk
CyberPunkCyberPunk
CyberPunk
 
Yii framework
Yii frameworkYii framework
Yii framework
 
Intrusion in computing
Intrusion in computingIntrusion in computing
Intrusion in computing
 
Heliodisplay
HeliodisplayHeliodisplay
Heliodisplay
 
Spoof Text
Spoof TextSpoof Text
Spoof Text
 
AirBar Sensor
AirBar SensorAirBar Sensor
AirBar Sensor
 
heliodisplay
heliodisplayheliodisplay
heliodisplay
 
What's behind facebook
What's behind facebookWhat's behind facebook
What's behind facebook
 
Heliodisplay
HeliodisplayHeliodisplay
Heliodisplay
 
Cybersquatting
CybersquattingCybersquatting
Cybersquatting
 
Z force touch screen technology
Z force touch screen technologyZ force touch screen technology
Z force touch screen technology
 
Computer forensic ppt
Computer forensic pptComputer forensic ppt
Computer forensic ppt
 
Neonode's zForce Air Technology
Neonode's zForce Air TechnologyNeonode's zForce Air Technology
Neonode's zForce Air Technology
 
Netbeans IDE & Platform
Netbeans IDE & PlatformNetbeans IDE & Platform
Netbeans IDE & Platform
 

Similar to Yii Framework Security

Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Abdelmonaim Remani
 
Get things done with Yii - quickly build webapplications
Get things done with Yii - quickly build webapplicationsGet things done with Yii - quickly build webapplications
Get things done with Yii - quickly build webapplicationsGiuliano Iacobelli
 
Opendelight reference-guide
Opendelight reference-guideOpendelight reference-guide
Opendelight reference-guideAshwini Rath
 
Introduction To CodeIgniter
Introduction To CodeIgniterIntroduction To CodeIgniter
Introduction To CodeIgniterschwebbie
 
Build your APIs with apigility
Build your APIs with apigilityBuild your APIs with apigility
Build your APIs with apigilityChristian Varela
 
Asp interview Question and Answer
Asp interview Question and Answer Asp interview Question and Answer
Asp interview Question and Answer home
 
Code igniter - A brief introduction
Code igniter - A brief introductionCode igniter - A brief introduction
Code igniter - A brief introductionCommit University
 
PHP Frameworks and CodeIgniter
PHP Frameworks and CodeIgniterPHP Frameworks and CodeIgniter
PHP Frameworks and CodeIgniterKHALID C
 
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudGetting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudRevelation Technologies
 
Hibernate interview questions
Hibernate interview questionsHibernate interview questions
Hibernate interview questionsvenkata52
 
IRJET- Lightweight MVC Framework in PHP
IRJET- Lightweight MVC Framework in PHPIRJET- Lightweight MVC Framework in PHP
IRJET- Lightweight MVC Framework in PHPIRJET Journal
 
Introduction Yii Framework
Introduction Yii FrameworkIntroduction Yii Framework
Introduction Yii FrameworkTuan Nguyen
 
Enterprise Level Application Architecture with Web APIs using Entity Framewor...
Enterprise Level Application Architecture with Web APIs using Entity Framewor...Enterprise Level Application Architecture with Web APIs using Entity Framewor...
Enterprise Level Application Architecture with Web APIs using Entity Framewor...Akhil Mittal
 

Similar to Yii Framework Security (20)

Yii php framework_honey
Yii php framework_honeyYii php framework_honey
Yii php framework_honey
 
Fwdtechseminars
FwdtechseminarsFwdtechseminars
Fwdtechseminars
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
 
Introduce Yii
Introduce YiiIntroduce Yii
Introduce Yii
 
Get things done with Yii - quickly build webapplications
Get things done with Yii - quickly build webapplicationsGet things done with Yii - quickly build webapplications
Get things done with Yii - quickly build webapplications
 
P H P Framework
P H P  FrameworkP H P  Framework
P H P Framework
 
Opendelight reference-guide
Opendelight reference-guideOpendelight reference-guide
Opendelight reference-guide
 
Introduction To CodeIgniter
Introduction To CodeIgniterIntroduction To CodeIgniter
Introduction To CodeIgniter
 
Build your APIs with apigility
Build your APIs with apigilityBuild your APIs with apigility
Build your APIs with apigility
 
Asp interview Question and Answer
Asp interview Question and Answer Asp interview Question and Answer
Asp interview Question and Answer
 
Code igniter - A brief introduction
Code igniter - A brief introductionCode igniter - A brief introduction
Code igniter - A brief introduction
 
Codeigniter
CodeigniterCodeigniter
Codeigniter
 
PHP Frameworks and CodeIgniter
PHP Frameworks and CodeIgniterPHP Frameworks and CodeIgniter
PHP Frameworks and CodeIgniter
 
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the CloudGetting Started with API Management – Why It's Needed On-prem and in the Cloud
Getting Started with API Management – Why It's Needed On-prem and in the Cloud
 
Asp
AspAsp
Asp
 
Hibernate interview questions
Hibernate interview questionsHibernate interview questions
Hibernate interview questions
 
IRJET- Lightweight MVC Framework in PHP
IRJET- Lightweight MVC Framework in PHPIRJET- Lightweight MVC Framework in PHP
IRJET- Lightweight MVC Framework in PHP
 
Cache Security- The Basics
Cache Security- The BasicsCache Security- The Basics
Cache Security- The Basics
 
Introduction Yii Framework
Introduction Yii FrameworkIntroduction Yii Framework
Introduction Yii Framework
 
Enterprise Level Application Architecture with Web APIs using Entity Framewor...
Enterprise Level Application Architecture with Web APIs using Entity Framewor...Enterprise Level Application Architecture with Web APIs using Entity Framewor...
Enterprise Level Application Architecture with Web APIs using Entity Framewor...
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Yii Framework Security

1. Application Security with Yii Framework: Authentication and Authorization
Ilko Kacharov | kachar136@gmail.com
2. Advantages of the framework
1. Very good documentation and many examples
2. The Yii community is growing rapidly and has many free extensions
3. Easy approach to developing modules and components
4. Model, Controller and Module code generation tool that can be used with custom code templates
5. Abstract (static) component/module access: Yii::app()->getComponent('db'); Yii::app()->getModule('ocstats');
6. Gives great power and tight control over the code: a pure OOP framework with push/pull MVC
7. Fast, because classes and components are autoloaded lazily
8. Easy configuration in a PHP array; the application may be started with different configs
9. Easy to extend and customize, simple code structure
10. Yii authentication API for multi-channel login, easy to extend, SOAP support
11. User access control using different schemes such as RBAC and ACL
12. Web services and console applications can be built as easily as web apps
13. Easy form creation and form validation (client and server side), built-in AJAX support
14. Easy to set up database connections and database migrations; query builder or plain queries
15. Easy to use CRUD functions (create, read, update, delete): Article::model()->findByPk()
16. Many ready-to-use web widgets and tools such as menus, action tables, calendars, etc.
17. Integration with Twitter Bootstrap CSS layouts and JS widgets (http://yii-booster.clevertech.biz/)
18. Multiple plain PHP layouts, templates and partial templates
19. Automatic JavaScript/CSS registering and inclusion in the main layout from anywhere
20. Friendly with third-party code
21. Internationalisation and translations module by module in PHP arrays, string extraction tool
22. Error handling and logging
3. Performance
RPS (requests per second) is how many requests an application written in a framework can process per second. APC stands for Alternative PHP Cache, an opcode caching extension used to increase application performance; the comparison is against the same measurement with the extension turned off.
http://www.yiiframework.com/performance/
4. Core Application Components
Yii predefines a set of core application components to provide features common among web applications. For example, the request component is used to resolve user requests and provide information such as the URL and cookies. By configuring the properties of these core components, we can change the default behaviour of Yii in nearly every aspect. Below we list the core components that are pre-declared by CWebApplication.
assetManager: CAssetManager - manages the publishing of private asset files.
authManager: CAuthManager - manages role-based access control (RBAC).
cache: CCache - provides data caching functionality.
clientScript: CClientScript - manages client scripts (JavaScript and CSS).
coreMessages: CPhpMessageSource - provides translated core messages used by the Yii framework.
db: CDbConnection - provides the database connection.
errorHandler: CErrorHandler - handles uncaught PHP errors and exceptions.
messages: CPhpMessageSource - provides translated messages used by the Yii application.
request: CHttpRequest - provides information related to user requests.
securityManager: CSecurityManager - provides security-related services such as hashing and encryption.
session: CHttpSession - provides session-related functionality.
statePersister: CStatePersister - provides a global state persistence method.
urlManager: CUrlManager - provides URL parsing and creation functionality.
user: CWebUser - represents the identity information of the current user.
themeManager: CThemeManager - manages themes.
and others...
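The components that matter most for security are request, securityManager, user, session, authManager and db. The configuration below is an added example, not taken from the slides, showing the settings a practitioner sets explicitly in a Yii 1.1 application; the comments name the defaults each line overrides. The file path, environment variable names, database details and the choice of sha256 are assumptions.

```php
<?php
// protected/config/main.php  (added example; names and values are placeholders)
return array(
    'basePath' => dirname(__FILE__) . DIRECTORY_SEPARATOR . '..',
    'name'     => 'Secure Yii App',
    'components' => array(
        // CHttpRequest: both validations are OFF by default.
        'request' => array(
            'enableCsrfValidation'   => true,   // POST must carry YII_CSRF_TOKEN
            'enableCookieValidation' => true,   // cookies are HMAC-signed with validationKey
            'csrfCookie'             => array('httpOnly' => true),
        ),
        // CSecurityManager: without explicit keys Yii generates random ones on
        // first use and stores them in protected/runtime/state.bin, so every
        // server (and every redeploy that wipes runtime/) gets different keys
        // and previously signed cookies stop validating. An unset variable
        // makes getenv() return false and setValidationKey() throw, which is
        // the failure mode you want.
        'securityManager' => array(
            'validationKey' => getenv('YII_VALIDATION_KEY'),
            'encryptionKey' => getenv('YII_ENCRYPTION_KEY'),
            'hashAlgorithm' => 'sha256',        // default is sha1
        ),
        // CWebUser: allowAutoLogin is required for "remember me" identity cookies;
        // those cookies are signed, not encrypted, so identity states are readable.
        'user' => array(
            'allowAutoLogin' => true,
            'loginUrl'       => array('site/login'),
            'identityCookie' => array('httpOnly' => true, 'secure' => true),
        ),
        // CHttpSession: never accept a session id from the URL.
        'session' => array(
            'cookieMode'   => 'only',
            'cookieParams' => array('httponly' => true, 'secure' => true),
            'timeout'      => 1800,
        ),
        // CDbAuthManager: RBAC items, children and assignments live in the
        // three tables from framework/web/auth/schema.sql.
        'authManager' => array(
            'class'        => 'CDbAuthManager',
            'connectionID' => 'db',
            'defaultRoles' => array('guest'),
        ),
        'db' => array(
            'connectionString' => 'mysql:host=localhost;dbname=app',
            'username'         => 'app',
            'password'         => getenv('DB_PASSWORD'),
            'charset'          => 'utf8',
            'emulatePrepare'   => false,        // real server-side prepared statements
        ),
    ),
);
```

The 'secure' cookie flags assume the site is served over HTTPS only; on a plain-HTTP development host the browser will not send those cookies back and every login appears to fail.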
5. Application life cycle
[Diagram: the static structure of a Yii application. Diagram: a typical workflow of a Yii application when it is handling a user request (http://www.hooto.com/media/image/view/?id=919&style=full)]
1. Pre-initializes the application with CApplication::preinit();
2. Set up class autoloader and error handling;
3. Register core application components;
4. Load application configuration;
5. Initialize the application with CApplication::init():
   - Register application behaviors;
   - Load static application components;
6. Raise onBeginRequest event;
7. Process the user request:
   - Resolve the user request;
   - Create controller;
   - Run controller;
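Step 6 is the earliest hook an application gets into every request. As an added example that is not part of the slides, the fragment below attaches an onBeginRequest handler straight from the configuration array; it enforces HTTPS and sets response headers before any controller is created. It assumes PHP 5.3+ for the closure and that TLS is terminated by the web server running PHP, because CHttpRequest::getIsSecureConnection() looks at the local request, not at a proxy's X-Forwarded-Proto header.

```php
<?php
// protected/config/main.php  (added example; only the event handler is shown)
return array(
    'basePath' => dirname(__FILE__) . DIRECTORY_SEPARATOR . '..',

    // CApplication::run() raises onBeginRequest before processRequest(), so this
    // closure runs for every web request, before the controller is resolved.
    'onBeginRequest' => function (CEvent $event) {
        $request = Yii::app()->getRequest();

        // Refuse plain HTTP before any controller, session or cookie is touched.
        // 301 is permanent; use 302 while testing a new deployment.
        if (!$request->getIsSecureConnection()) {
            $target = 'https://' . $request->getServerName() . $request->getRequestUri();
            $request->redirect($target, true, 301);   // terminates the script
        }

        // Security headers that apply to every response of the application.
        header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
        header('X-Frame-Options: DENY');
        header('X-Content-Type-Options: nosniff');
    },

    'components' => array(
        // ... the rest of the application configuration
    ),
);
```

Behind a TLS-terminating load balancer this handler would loop forever, because the local connection is always plain HTTP; in that deployment check the forwarded-proto header set by the proxy instead, and make sure the proxy strips any such header sent by the client.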
6. Authentication
Authentication is the mechanism whereby systems securely identify their users. Authentication systems provide answers to the questions: Who is the user? Is the user really who he or she claims to be?
7. Authorization
Authorization verifies that you have the permissions you need to access an object. It is the mechanism by which a system determines what level of access a particular authenticated user should have to secured resources controlled by the system.
● Is user X authorized to access resource R?
● Is user X authorized to perform operation P?
● Is user X authorized to perform operation P on resource R?
8. Access Control Lists
An access control list (ACL) is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.
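Yii's built-in equivalent of a per-controller ACL is the access control filter (CAccessControlFilter, driven by accessRules()). The controller below is an added example, not code from the slides; PostController, the Post model and its author_id column are assumed. The point to notice is the final catch-all deny: when no rule matches, the filter allows the request, so without that last entry every action you forgot to list is open.

```php
<?php
// protected/controllers/PostController.php  (added example; names are assumed)
class PostController extends CController
{
    public function filters()
    {
        // Run CAccessControlFilter before every action of this controller.
        return array('accessControl');
    }

    public function accessRules()
    {
        // Rules are evaluated top-down; the first one that matches decides.
        // If NO rule matches the request, the filter allows it, so the final
        // catch-all 'deny' is what turns this list into a default-deny ACL.
        return array(
            // '*' = everyone, including guests: read-only actions
            array('allow',
                'actions' => array('index', 'view'),
                'users'   => array('*'),
            ),
            // '@' = authenticated users only
            array('allow',
                'actions' => array('create'),
                'users'   => array('@'),
            ),
            // authenticated AND the post belongs to the caller; $user is
            // Yii::app()->user, the expression is evaluated as PHP code
            array('allow',
                'actions'    => array('update', 'delete'),
                'users'      => array('@'),
                'expression' => 'Post::model()->exists("id=:id AND author_id=:uid", '
                              . 'array(":id"=>(int)Yii::app()->request->getQuery("id"), ":uid"=>(int)$user->id))',
            ),
            // the RBAC role 'admin' (resolved through authManager->checkAccess)
            array('allow',
                'actions' => array('admin'),
                'roles'   => array('admin'),
            ),
            // everything else, for everyone: denied. Guests are redirected to
            // user->loginUrl, authenticated users get an HTTP 403.
            array('deny',
                'users' => array('*'),
            ),
        );
    }

    public function actionView($id)
    {
        // The filter has already allowed this request; the action still
        // validates its own input and 404s on unknown ids.
        $post = Post::model()->findByPk((int) $id);
        if ($post === null) {
            throw new CHttpException(404, 'The requested post does not exist.');
        }
        $this->render('view', array('post' => $post));
    }
}
```

The 'expression' rule keeps the ownership check in the filter so that actionUpdate and actionDelete cannot be reached for somebody else's post even if a later refactor forgets the check inside the action; a 'verbs' => array('POST') entry on the delete rule would additionally stop state-changing requests arriving as GET links.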
9. Role-Based Access Control
Role-based access control (RBAC) is an approach to restricting system access to authorized users. Three primary rules are defined for RBAC:
1. Role assignment: A subject can exercise a permission only if the subject has selected or been assigned a role.
2. Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
3. Permission authorization: A subject can exercise a permission only if the permission is authorized for the subject's active role.
10. Role-Based Access Control
When defining an RBAC model, the following conventions are useful:
● Subject = a person or automated agent
● Role = a job function or title which defines an authority level
● Permission = an approval of a mode of access to a resource
● Session = a mapping involving S, R and/or P
● Subject assignment
● Permission assignment
● Partially ordered role hierarchy
11. Steps to secure a Yii application
1. Defining an identity class
2. Login and logout
3. Cookie-based login
4. Access control filter
5. Handling the authorization result
6. Role-based access control
7. Configuring the authorization manager
8. Defining the authorization hierarchy
9. Using business rules
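Steps 6 to 9 fit into one console command that builds the hierarchy, followed by the check a controller performs against it. This is an added example, not the slides' code; it assumes authManager is configured as CDbAuthManager with the three tables from framework/web/auth/schema.sql, a Post model with an author_id column, and placeholder user ids 1 (admin) and 2 (author).

```php
<?php
// protected/commands/RbacCommand.php  (added example; run with: protected/yiic rbac)
class RbacCommand extends CConsoleCommand
{
    public function run($args)
    {
        $auth = Yii::app()->authManager;
        $auth->clearAll();   // rebuild from an empty hierarchy, so the command is idempotent

        // Operations are the leaves, named after concrete actions.
        $auth->createOperation('createPost', 'create a post');
        $auth->createOperation('readPost',   'read a post');
        $auth->createOperation('updatePost', 'update any post');
        $auth->createOperation('deletePost', 'delete any post');

        // A task with a business rule. The rule is PHP code evaluated at
        // checkAccess() time; $params is the array passed to checkAccess().
        // The rule must fail closed when the caller forgets to pass the post.
        $bizRule = 'return isset($params["post"]) '
                 . '&& (int)$params["post"]->author_id === (int)Yii::app()->user->id;';
        $task = $auth->createTask('updateOwnPost', 'update a post written by the current user', $bizRule);
        $task->addChild('updatePost');   // updatePost is granted only while the rule holds

        // Roles form the partially ordered hierarchy admin > author > reader.
        $reader = $auth->createRole('reader');
        $reader->addChild('readPost');

        $author = $auth->createRole('author');
        $author->addChild('reader');
        $author->addChild('createPost');
        $author->addChild('updateOwnPost');

        $admin = $auth->createRole('admin');
        $admin->addChild('author');
        $admin->addChild('updatePost');   // unconditional: no business rule on this edge
        $admin->addChild('deletePost');

        // Subject assignment. CDbAuthManager writes every change immediately;
        // only CPhpAuthManager would need an explicit save().
        $auth->assign('author', 2);
        $auth->assign('admin', 1);
        echo "RBAC hierarchy created\n";
    }
}

// Step 5, handling the authorization result, inside a controller action
// (PostController::actionUpdate is an assumed name). The check names the
// operation, not the task: checkAccess('updatePost') walks up to both parents,
// 'updateOwnPost' (which passes only when the business rule holds for this
// $post) and 'admin' (which passes for user 1 on any post).
class PostController extends CController
{
    public function actionUpdate($id)
    {
        $post = Post::model()->findByPk((int) $id);
        if ($post === null) {
            throw new CHttpException(404, 'The requested post does not exist.');
        }
        if (!Yii::app()->user->checkAccess('updatePost', array('post' => $post))) {
            throw new CHttpException(403, 'You are not allowed to update this post.');
        }
        // ... apply the submitted changes and render
    }
}
```

Checking the task 'updateOwnPost' instead of the operation would be wrong for the admin: CDbAuthManager evaluates an item's business rule before looking at parents, so a false rule on the task stops the walk even though admin is assigned further up.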
12. Authenticate method in a Yii application
The identity class from the slide, shown here in its surrounding class so that it runs as written; the getId() override is needed because CUserIdentity::getId() returns the username by default.

    class UserIdentity extends CUserIdentity
    {
        private $_id;

        public function authenticate()
        {
            $record=User::model()->findByAttributes(array('username'=>$this->username));
            if($record===null)
                $this->errorCode=self::ERROR_USERNAME_INVALID;
            // crypt() re-hashes the submitted password using the stored hash as salt
            else if($record->password!==crypt($this->password,$record->password))
                $this->errorCode=self::ERROR_PASSWORD_INVALID;
            else
            {
                $this->_id=$record->id;                   // becomes Yii::app()->user->id
                $this->setState('title', $record->title); // persisted with the session
                $this->errorCode=self::ERROR_NONE;
            }
            return !$this->errorCode;
        }

        public function getId()
        {
            return $this->_id;
        }
    }

Two caveats on this snippet. The !== comparison is not constant-time, and an unknown username returns without running crypt() at all, so response time and the two distinct error codes both tell a client which half of the credentials was wrong. Yii 1.1.14 added CPasswordHelper, whose hashPassword() and verifyPassword() use bcrypt and compare in constant time.
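Steps 1 to 3 of the deck as an added example rather than the slides' own code: an identity class that verifies bcrypt hashes with CPasswordHelper (Yii 1.1.14+), a form model that runs it, and the login and logout actions with an optional identity cookie. User, its password_hash column, LoginForm and SiteController are assumed names; the dummy hash is a constructed placeholder that matches nothing and exists only so a missing user costs the same time as a wrong password.

```php
<?php
// Added example; names are assumed. Requires Yii 1.1.14+ for CPasswordHelper.
class UserIdentity extends CUserIdentity
{
    private $_id;

    // Constructed, syntactically valid bcrypt string (cost 13). It is never a
    // real credential; verifyPassword() against it always fails, but it burns
    // the same time as a real check so usernames cannot be enumerated by timing.
    const DUMMY_HASH = '$2y$13$abcdefghijklmnopqrstueABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

    public function authenticate()
    {
        $record = User::model()->findByAttributes(array('username' => $this->username));
        // password_hash was written at registration as CPasswordHelper::hashPassword($plain)
        $hash = ($record === null) ? self::DUMMY_HASH : $record->password_hash;
        $ok = CPasswordHelper::verifyPassword($this->password, $hash);   // constant-time compare

        if ($record === null || !$ok) {
            // One error code for both failures: do not tell the client which was wrong.
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->_id = $record->id;
            // States go into the session and, with allowAutoLogin, into the signed
            // (not encrypted) identity cookie: keep secrets out of them.
            $this->setState('title', $record->title);
            $this->errorCode = self::ERROR_NONE;
        }
        return $this->errorCode === self::ERROR_NONE;
    }

    public function getId()
    {
        return $this->_id;   // CUserIdentity::getId() would return the username
    }
}

class LoginForm extends CFormModel
{
    public $username;
    public $password;
    public $rememberMe = false;
    private $_identity;

    public function rules()
    {
        // rules() also bounds mass assignment: only these attributes are settable from $_POST
        return array(
            array('username, password', 'required'),
            array('rememberMe', 'boolean'),
            array('password', 'authenticate'),
        );
    }

    public function authenticate($attribute, $params)
    {
        if ($this->hasErrors()) {
            return;
        }
        $this->_identity = new UserIdentity($this->username, $this->password);
        if (!$this->_identity->authenticate()) {
            $this->addError('password', 'Incorrect username or password.');
        }
    }

    public function login()
    {
        if ($this->_identity === null || $this->_identity->errorCode !== UserIdentity::ERROR_NONE) {
            return false;
        }
        // Step 3: a 30-day identity cookie only when the box was ticked; needs
        // 'user' => array('allowAutoLogin' => true). CWebUser::login() also
        // regenerates the session id, which closes session fixation.
        $duration = $this->rememberMe ? 3600 * 24 * 30 : 0;
        return Yii::app()->user->login($this->_identity, $duration);
    }
}

class SiteController extends CController
{
    public function actionLogin()
    {
        $model = new LoginForm;
        if (isset($_POST['LoginForm'])) {
            $model->attributes = $_POST['LoginForm'];
            if ($model->validate() && $model->login()) {
                $this->redirect(Yii::app()->user->returnUrl);
            }
        }
        $this->render('login', array('model' => $model));
    }

    public function actionLogout()
    {
        Yii::app()->user->logout();   // destroys the session and the identity cookie
        $this->redirect(Yii::app()->homeUrl);
    }
}
```

The duration argument is the whole of "cookie-based login": with 0 the identity lives only in the server session, with a positive value CWebUser writes an identity cookie signed with securityManager->validationKey, and on a later visit without a session it rebuilds the identity from that cookie without touching the database.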
13. API, documentation and community
The Definitive Guide to Yii: http://www.yiiframework.com/doc/guide/
GitHub: https://github.com/yiisoft/yii/commits/master
Forum: http://www.yiiframework.com/forum/ (total posts: 173,083; total members: 61,015; active users at time of visit: 320; international threads: 20 languages, incl. BG)
IRC channel: http://www.yiiframework.com/chat/ (active users at time of visit: 90)
Yii books: http://www.seesawlabs.com/yii-book, http://yii.larryullman.com/toc.php, http://yiicookbook.org/, http://packtlib.packtpub.com/library/9781847199584
IDE integrations (code completion, templates, testing and debugging): NetBeans, Eclipse, PhpStorm, NuSphere PhpED
14. Links
Official website: http://www.yiiframework.com/
Definitive Guide to Yii, En/Ru: http://yiiframework.ru/
Yii API and class reference: http://www.yiiframework.com/doc/api/
Extensions library (over 1k): http://www.yiiframework.com/extensions/
Yii general forum (60k users): http://www.yiiframework.com/forum/
Yii cheat sheet (quick reference): http://static.yiiframework.com/files/yii-1.0-cheatsheet.pdf
Yii related sites: http://www.yiiframework.com/wiki/98/yii-related-sites/
16. License and requirements
Yii is an open source project released under the terms of the BSD License. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
● Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
● Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
● Neither the name of Yii Software LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
Requirement: PHP 5.1.0 or above.
The Yii core team, sponsored by Clevertech at the time of writing, is actively developing the next major version, 2.0. Yii 2.0 is planned to be rebuilt on top of PHP 5.3.0+ and aims to be a state-of-the-art framework of the new generation of PHP frameworks. They advise: "If you have a new project to develop on Yii, do not wait for 2.0 as it will still take considerable time to reach the production quality."
Installation of Yii mainly involves the following three steps:
1. Download Yii Framework from yiiframework.com or the GitHub repo (newest)
2. Unpack the Yii release file to any directory (e.g. /opt/yii/)
3. Link your application with the framework source