Difference between #15 and #23 of
Yii Security-extended guide

Tags: security, tutorial, tips

[...]
"Select * from User where username='john' or 1=1";
```

This query returns every row in the user table instead of only john's, so the attacker can read, and with other payloads modify, whatever the application's database account is allowed to touch. It is a simple example, but it shows clearly how the attack happens.
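The concatenation that produces a query of this shape, beside the parameterised forms Yii 1.1 offers. This is an added example and not code from the original article; it assumes a `User` active-record class mapped to a table with a `username` column and a configured `Yii::app()->db` connection, and the attacker input is constructed for the demonstration.

```php
<?php
// Added example, not from the original article. Assumes a User
// CActiveRecord class backed by a table with a `username` column and a
// configured Yii::app()->db connection.

// Constructed attacker input: closes the quoted literal and appends a
// condition that is always true. Imagine it arrived via $_GET['username'].
$username = "john' or '1'='1";

// VULNERABLE: the value is spliced into the SQL text, so the quote and the
// OR clause become part of the statement:
//   SELECT * FROM User WHERE username='john' or '1'='1'
// which, like the statement shown above, returns every user row.
$sql = "SELECT * FROM User WHERE username='" . $username . "'";
$rows = Yii::app()->db->createCommand($sql)->queryAll();

// SAFE 1: CDbCommand with a named placeholder. The statement and the value
// travel separately; the value is compared literally against the column,
// quotes and all, and matches no row.
$rows = Yii::app()->db->createCommand('SELECT * FROM User WHERE username=:username')
    ->bindValue(':username', $username)
    ->queryAll();

// SAFE 2: the query builder; where() takes the condition and its bound params.
$rows = Yii::app()->db->createCommand()
    ->select('*')
    ->from('User')
    ->where('username=:username', array(':username' => $username))
    ->queryAll();

// SAFE 3: ActiveRecord finder with a params array.
$user = User::model()->find('username=:username', array(':username' => $username));

// SAFE 4: CDbCriteria. The condition text is raw SQL, so user input goes only
// into the params array (or through compare(), which binds for you).
$criteria = new CDbCriteria;
$criteria->condition = 'username=:username';
$criteria->params = array(':username' => $username);
$user = User::model()->find($criteria);
```

The four safe variants are equivalent in what matters: the database engine receives `username=?` and the attacker's string as two separate things, so no part of the input is ever parsed as SQL. The trap to avoid with CDbCriteria is building the `condition` string itself from user data, which is no safer than the first, vulnerable form.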

So what do you do to prevent these attacks and protect your data? The following approaches raise the security of your code:
<ol>
<li>Input validation: do not trust any data coming from the client side; always validate it.</li>
<li>Avoid writing raw SQL statements in controllers; if you have to, pay great attention to the input that goes into them.</li>
<li>Place queries in the model class and use its building methods such as find(), findAll(), findByAttributes() and so on.</li>
<li>Use the criteria builder (CDbCriteria) with bound parameters to query your database: put placeholders such as :username in the condition and the values in the params array (or use compare()), so the values reach the database engine as data and are never run as SQL. The condition string itself is raw SQL, so user input must never be concatenated into it.</li>
<li>Use prepared statements: in Yii, pass the $params array to the CActiveRecord finder methods or to CDbCommand instead of concatenating values into the query.</li>
</ol>

**Magic Urls**

Another attack that you should pay attention to is the so-called Magic URL. This attack happens when developers take parameters from the URL as input and execute some operation on the server side with them. In particular, the way Yii maps URL parameters straight onto controller action parameters makes this attack easy to introduce. Without proper authorization checks and other countermeasures, attackers may be able to delete all the data you have in your database. So let's look at a concrete example:
[...]
or similar. It becomes clear now that if your database design simply increments the id of image records numerically, the obvious attack is to change the id value in the URL and remove an image record owned by another user, so this code is dangerous.

So what can be done? The following approaches raise the security of this code:
<ol>
<li>Authorize the operation by checking the role of the user; consider using <a href="http://www.yiiframework.com/doc/guide/1.1/en/topics.auth">Role-Based Access Control (RBAC)</a>. When records belong to individual users, checking the role alone is not enough: also verify that the record identified by the URL parameter belongs to the current user before acting on it.</li>
<li>Avoid using the GET method when the request has side effects on the server side; use POST instead, and always check that it is a POST request by testing:
Yii::app()->request->isPostRequest</li>
<li>
[...]
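An image delete action that applies the points above, as an added example rather than the article's own code: the request must be POST, the user must hold the RBAC permission, and the record must belong to the requester. It assumes an `Image` active-record class with `id` and `owner_id` columns, an RBAC operation named `deleteImage`, and that `Yii::app()->user->id` holds the logged-in user's primary key; all three are assumptions made for the example.

```php
<?php
// Added example, not from the original article. Assumes an Image
// CActiveRecord class with `id` and `owner_id` columns, an RBAC operation
// named `deleteImage`, and that Yii::app()->user->id holds the logged-in
// user's primary key (all hypothetical).
class ImageController extends CController
{
    public function filters()
    {
        return array(
            'accessControl',        // apply accessRules() below
            'postOnly + delete',    // respond 400 to anything but POST on actionDelete
        );
    }

    public function accessRules()
    {
        return array(
            array('allow', 'actions' => array('delete'), 'users' => array('@')), // authenticated users only
            array('deny', 'users' => array('*')),
        );
    }

    // VULNERABLE (shown for contrast only): the id comes straight from the URL
    // and nothing ties it to the requester, so a GET with any guessed id removes
    // someone else's image.
    public function actionDeleteUnsafe($id)
    {
        Image::model()->deleteByPk($id);
        $this->redirect(array('index'));
    }

    // HARDENED
    public function actionDelete($id)
    {
        // 1. Side effects only on POST. The postOnly filter already enforces
        //    this; the explicit check documents the intent and survives a
        //    later change to filters().
        if (!Yii::app()->request->isPostRequest) {
            throw new CHttpException(400, 'Invalid request. Please do not repeat this request again.');
        }

        // 2. Role check through RBAC: may this user delete images at all?
        if (!Yii::app()->user->checkAccess('deleteImage')) {
            throw new CHttpException(403, 'You are not allowed to perform this action.');
        }

        // 3. Ownership check: load the record and confirm it belongs to the
        //    current user. A sequential id guessed from the URL is then useless
        //    unless the row is the requester's own. The same 404 is returned for
        //    "missing" and "not yours" so the response does not reveal which
        //    ids exist.
        $image = Image::model()->findByPk((int) $id);
        if ($image === null || (int) $image->owner_id !== (int) Yii::app()->user->id) {
            throw new CHttpException(404, 'The requested image does not exist.');
        }

        $image->delete();
        $this->redirect(array('index'));
    }
}
```

The RBAC check and the ownership check answer different questions: the first says whether this role may delete images at all, the second whether it may delete this one. The ownership test can also be expressed as a business rule on the `deleteImage` operation and evaluated with `checkAccess('deleteImage', array('image' => $image))`. Restricting the action to POST only stops the "click this link" variant of the attack; enable `enableCsrfValidation` on the request component so that a form submitted from another site is rejected as well.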
Version: 1.1
Category: Tips
Written by: bingjie2680
Last updated by: bingjie2680
Created on: Nov 17, 2011