Web/internet facing application security measures


(Embula24) #1

Hi Yii Devs,

I have been writing Yii applications for a few years now but I’ve never done one that is hosted on the public domain. I’m looking for security pointers from the experienced devs here. The main one being on the DB part, is it safe for me to connect directly to the DB or I should do all that via an API? What are the risks of direct DB connection?

All advise will be gladly received.


(Alexander Makarov) #2
  1. Make sure YII_DEBUG is false.
  2. Read https://www.yiiframework.com/doc/guide/2.0/en/security-overview. Make sure you understand it and that your application follows what’s in the guide.

As for DB, it’s not clear whatever you mean developer connecting to remote DB from his computer or application connects to DB that’s on the same host / local network. It is preferred that DB is not accessible directly from the internet. Even with password authentication in place. If you absolutely need to check what’s going on in production database, set up ssh tunnel and connect through it.