Yii2: Add TLS as Best Practice to the Guide

Created on 16 Apr 2016 · 4 Comments · Source: yiisoft/yii2

Yii 2 provides features that rely on cookies and/or PHP sessions. These can be vulnerable. The vulnerability is reduced if the app runs on TLS.

Hence I suggest the mos def guide's page on Best Practices should have another heading to explain that if the app uses these features of Yii, it should run the app over TLS.

This section could usefully also point to an external resource for finding up-to-date information on configuring TLS, perhaps h5bp.

docs

All 4 comments

Good idea. What's h5bp?

https://html5boilerplate.com/ has recommended server configs that try to keep up to date with BCPs for ciphers and protocols. e.g. https://github.com/h5bp/server-configs-nginx/blob/49aac219455eea948b983d5c656bbacc431413ee/h5bp/directive-only/ssl.conf#L6

@samdark @tom-- Can I make a pull request for this?

@devypt sure, go ahead :)
