Hi Yii Devs,
I have been writing Yii applications for a few years now but I’ve never done one that is hosted on the public domain. I’m looking for security pointers from the experienced devs here. The main one being on the DB part, is it safe for me to connect directly to the DB or I should do all that via an API? What are the risks of direct DB connection?
All advise will be gladly received.
YII_DEBUG is false.As for DB, it’s not clear whatever you mean developer connecting to remote DB from his computer or application connects to DB that’s on the same host / local network. It is preferred that DB is not accessible directly from the internet. Even with password authentication in place. If you absolutely need to check what’s going on in production database, set up ssh tunnel and connect through it.
Thank you for the reply, What I mean with the DB part is, should I save my DB configs within the application? say for the advanced template, should the DB configs lie in the main-local.php or I should have a rest API to handle all the requests.
Thanks again for the pointers 
If you want to point requests directly to DB, it sounds like a bad idea.
Well put, thank you