Yii Framework Wiki
Difference between
#16 and
#17 of
How to write secure Yii1 applications
Revision #17 has been created by François Gannaz on Oct 30, 2013, 9:18:08 AM with the memo:
Add comments to the Apache VH snippet
« previous (#16) next (#18) »
Changes
Title unchanged
How to write secure Yii applications
Category unchanged
How-tos
Yii version unchanged
Tags unchanged
security, authorization, authentication, XSS, SQL injection
Content changed
[...]
php_admin_flag engine offOptions -Indexes
</Directory>
~~~
Instead of the previous configuration, here is an example of putting a Yii application in a Virtual Host. Each securing directive has an explaining comment. ~~~ [apache] # Example config for Yii-myapp as an Apache VirtualHost # Please set the path
<VirtualHost *:80>
[...]
<Directory "/home/myapp/www"># These 2 lines are useless with modern PHP php_flag register_globals Off php_flag gpc_magic_quotes Off #
#
<Directory "/home/myapp/www/protected"> Deny from All </Directory> # protect several non-PHP directories
<DirectoryMatch "/home/myapp/www/(assets
php_admin_flag engine off
# Forbid execution of PHP scripts
php_admin_flag engine off
# Forbid listing of files Options -Indexes </DirectoryMatch>
</VirtualHost>
~~~
### For every PHP project
[...]
114 followers
Viewed: 315 033 times
Version: 1.1
Category: How-tos
Written by: François Gannaz
Last updated by: François Gannaz
Created on: Nov 22, 2011
Last updated: 3 years ago
Revisions
View all history-
3 years ago by
François Gannaz fixes the markdown syntax, because the w...
-
11 years ago by
François Gannaz Add comments to the Apache VH snippet
-
11 years ago by
François Gannaz Better doc on HTML escaping
-
11 years ago by
CeBe fixed example code of CJavaScript::encod...
-
12 years ago by
Boaz utilizing the recommendation to cast to...
-
12 years ago by
Boaz small typo
-
12 years ago by
acorncom fixed the striptags function, it's actua...
-
12 years ago by
stennie Make sure your error messages don't cont...