Hi. I’m new to Yii,
The hashing of the password presented in the tutorials only helps against server compromise (DB theft), not against network sniffing. Https is not an always an available option, especially for virtual hosts.
Passwords would then have to be stored plaintext on the server, but:
-if yii is secure enough to prevent against sql injection and other vulnerabilities this wouldn’t be an issue
-simple network sniffing would be ineffective