I have a security problem in my webapplication. Anybody have the same problem.
I have created web application with Yii v1.1.12.
I have [size="2"]created[/size][size="2"] two method in employeecontroller, because i want everybody should access from within our company network.[/size]
But it is accessible outside our company network also…where is the failure…(i.e) It is searchable in google.
I am not sure whether security flaw is in framework or webserver settings.
Edit: I have employeecontroller which doest not have filters and accessrules methods. Is that problem?
Thanks for your reply. Just now i analysed when we dont have two methods filters, accessRules in our controller then its open to public(i.e) searchable in google.
I’m not sure if I understand the problem - is your company network secured behind the firewall and accessible only from inside? Looks like not because google can reach it. So I guess the network is opened and what you want to do is to restrict access only to company members.
In this case you have to prepare mechanism to restrict the access and yes, one of the methods to do this is to create proper access filters in Yii. But this is not a security issue of the Yii framework.
By the way - 1.1.12 is so old, update it to 1.1.16. Or better - switch to Yii 2 if possible.
