From dde7d731a53310ff233efe29e2dcf81f3c868fea Mon Sep 17 00:00:00 2001 From: Larry Ullman Date: Fri, 20 Sep 2013 20:22:51 -0400 Subject: [PATCH] Doing more editing... --- docs/guide/bootstrap-widgets.md | 6 +++--- docs/guide/overview.md | 2 +- docs/guide/security.md | 7 ++----- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/docs/guide/bootstrap-widgets.md b/docs/guide/bootstrap-widgets.md index 3f56839..432dcd8 100644 --- a/docs/guide/bootstrap-widgets.md +++ b/docs/guide/bootstrap-widgets.md @@ -1,17 +1,17 @@ Bootstrap widgets ================= -Yii includes support for the [Bootstrap 3](http://getbootstrap.com/) markup and components framework out of the box. Bootstrap is an excellent, responsive framework that can greatly speed up your development process. +Out of the box, Yii includes support for the [Bootstrap 3](http://getbootstrap.com/) markup and components framework (also known as "Twitter Bootstrap"). Bootstrap is an excellent, responsive framework that can greatly speed up the client-side of your development process. The core of Bootstrap is represented by two parts: -- CSS basics, such as grid layout system, typography, helper classes, and responsive utilities. +- CSS basics, such as a grid layout system, typography, helper classes, and responsive utilities. - Ready to use components, such as menus, pagination, modal boxes, tabs etc. Basics ------ -Yii doesn't wrap bootstrap basics into PHP code since HTML is very simple by itself in this case. You can find details +Yii doesn't wrap the bootstrap basics into PHP code since HTML is very simple by itself in this case. You can find details about using the basics at [bootstrap documentation website](http://getbootstrap.com/css/). Still Yii provides a convenient way to include bootstrap assets in your pages with a single line added to `AppAsset.php` located in your `config` directory: diff --git a/docs/guide/overview.md b/docs/guide/overview.md index ef71aa0..835c511 100644 --- a/docs/guide/overview.md +++ b/docs/guide/overview.md @@ -24,7 +24,7 @@ Yii is a generic Web programming framework that can be used for developing virtually any type of Web application. Because it is light-weight and equipped with sophisticated caching mechanisms, it is especially suited to high-traffic applications, such as portals, forums, content -management systems (CMS), e-commerce systems, etc. +management systems (CMS), e-commerce projects, etc. How does Yii Compare with Other Frameworks? diff --git a/docs/guide/security.md b/docs/guide/security.md index f9adf7c..af30e5b 100644 --- a/docs/guide/security.md +++ b/docs/guide/security.md @@ -4,12 +4,9 @@ Security Hashing and verifying passwords ------------------------------ -It is important not to store passwords in plain text but, contrary to popular belief, just using `md5` or `sha1` to -compute and verify hashes isn't a good way either. Modern hardware allows to brute force these very fast. +Most developers know that you cannot store passwords in plain text, but many believe it's safe to hash passwords using `md5` or `sha1`. There was a time when those hashing algorithms were sufficient, but modern hardware makes it possible to break those hashes very quickly using a brute force attack. -In order to truly secure user passwords even in case your database is leaked you need to use a function that is resistant -to brute-force such as bcrypt. In PHP it can be achieved by using [crypt function](http://php.net/manual/en/function.crypt.php) -but since usage isn't trivial and one can easily misuse it, Yii provides two helper functions for generating hash from +In order to truly secure user passwords, even in the worst case scenario (your database is broken into), you need to use a hashing algorithm that is resistant to brute force attacks. The best current choice is bcrypt. In PHP, you can create a bcrypt hash by using [crypt function](http://php.net/manual/en/function.crypt.php). However, this function is not easy to use properly, so Yii provides two helper functions for generating hash from password and verifying existing hash. When user sets his password we're taking password string from POST and then getting a hash: