Security in yii2

ninjacyber · November 9, 2017, 2:01pm

dear all,

i have question from one of my clients about security in yii2, they have complaint about folder permission 777 in asset and runtime folder and denied to implement those settings

therefore, our project has been delayed due security reason

they demand explanation from official yii team about those configuration

can you help me out?

alirz23 · November 9, 2017, 2:38pm

hi there,

Well yii does not require 777 permissions for assets and runtime it requires write permissions for assets and runtime dir. As for runtime directory that does not even have to be public, also same for the assets you can build your assets and move to public dir. It is not even yii related in general it depends how you deploy your app it could be a (php, laravel, java, c#) app.

hope that helps.

samdark · November 9, 2017, 6:49pm

As alrazi explained, Yii doesn’t require 777 but write permissions for the PHP process.

ninjacyber · November 10, 2017, 3:29am

thank All four your answer

JJBros · November 28, 2017, 12:04am

Hello, this is a few days old, but id like to ask you a question:

What does this mean? I have them set to 775. Are you saying I can set them to 770? Or are you saying you can put them somewhere else? We are deploying the whole application to the server using code deploy, is this not the best method?

samdark · November 29, 2017, 7:49pm

It all depends on permissions of your code that deploys.

JJBros · November 29, 2017, 10:31pm

What is the preferred and more secure set up? I asked a similar question in my other post: (reply there I guess) http://www.yiiframework.com/forum/index.php/topic/76051-unsure-about-advanced-wwwadmin/page__view__findpost__p__314196