|
|
@ -170,3 +170,17 @@ simply rewrite code with what's generated by Gii. |
|
|
|
|
|
|
|
|
|
|
|
Debug toolbar should be avoided at production unless really necessary. It exposes all the application and config |
|
|
|
Debug toolbar should be avoided at production unless really necessary. It exposes all the application and config |
|
|
|
details possible. If you absolutely need it check twice that access is properly restricted to your IP only. |
|
|
|
details possible. If you absolutely need it check twice that access is properly restricted to your IP only. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Using secure connection over TLS |
|
|
|
|
|
|
|
-------------------------------- |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Yii provides features that rely on cookies and/or PHP sessions. These can be vulnerable in case your connection is |
|
|
|
|
|
|
|
compromised. The vulnerability is reduced if the app uses secure connection via TLS. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Please refer to your webserver documentation for instructions on how to configure it. You may also check example configs |
|
|
|
|
|
|
|
provided by H5BP project: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- [Nginx](https://github.com/h5bp/server-configs-nginx) |
|
|
|
|
|
|
|
- [Apache](https://github.com/h5bp/server-configs-apache). |
|
|
|
|
|
|
|
- [IIS](https://github.com/h5bp/server-configs-iis). |
|
|
|
|
|
|
|
- [Lighttpd](https://github.com/h5bp/server-configs-lighttpd). |
|
|
|
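Review bot: The added paragraph under "Using secure connection over TLS" says cookies and PHP sessions "can be vulnerable in case your connection is compromised" but never says what is exposed. Stating that cookie and session values can be read or modified in transit over plain HTTP would make the recommendation concrete. The section also points only to webserver documentation, so it is worth adding a sentence on the application side, for example that session and identity cookies should be marked secure once TLS is enabled. Wording: "uses secure connection via TLS" and the heading "Using secure connection over TLS" both need an article ("a secure connection"). In the H5BP list, the Nginx item has no trailing period while the Apache, IIS and Lighttpd items end with one after the link; drop the periods so all four items match. In the context lines above, "avoided at production" would read better as "avoided in production", though that text predates this change.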