qiang what is your opinion...

I want to deploy a module with yii for a secure https, but I saw this…

Where did you read that?

i proposed to developing a site for a financial site on yii, but the IT manager thinks that about yii.

as I am not a yii expert, i cannot be sure if yii can support this kind of applications thats why i am asking to the main developer of yii.

To be honest, this judgment doesn’t make sense because easy to deploy on an https server has nothing to do with robustness of frameworks.

An application written in Yii (or any other PHP frameworks) usually shouldn’t have problem to be deployed to an https server because the sole requirement is that the URLs be constructed correctly with https scheme. Things that are more important and that Yii excels at are preventing SQL injection attacks, XSS attacks, etc.

Yes, it is true that Yii is still new. However, if you count in the years that Prado (started in 2004, the predecessor framework to Yii) exists, Yii is not new at all.

I am totally agree with you qiang,

So, what is your recommendation to implement a yii app completely with https?

I am still novice and obviously i am doing something wrong handling the urls.

also i don’t have access to the server and cannot debug and see why the https is not working properly

I have worked with cakephp, RoR and for me yii is awesome!

If your entire site is on https, then you don’t need to worry anything because all URLs created by Yii will inherit the schema (http or https) of the current request.

If not, the only thing you need to take care is when you create URLs using Yii’s createUrl() method. Take a look at CWebApplication::createAbsoluteUrl(). It allows you to specify which schema you want when creating an absolute URL.

ok thank you qiang

I am going to do this on a separate server with https just for prove all this we are saying

then maybe i can convince the client to use yii.