Yii Security

Hello every one this is my first topic Here :)

i want to ask about yii security features is there a real security ways have to be done after finishing the website

like checking on :



SQL Injection/Blind SQL Injection

File Upload

Information Disclosure

Local File Inclusion

Remote File Inclusion

Path Traversal

OS Commanding

Null Byte

Brute Force

i need your experience in this ways and how yii can avoid it .

as per my exp i worked in 4 yii2 projects

i have cross checked that there are no issue in security it is very safe in all manner.

Im very sure in below features.



SQL Injection/Blind SQL Injection

File Upload

yes sure,

you have to consider some important things in order to fulfill yii security and not to bypass yii’s MVC architecture (like accepting direct post data using php not using yii), anyway this link may give you and idea about best practices:


اتمني اذا كنت تعرف العربية ان تستخدمها ليستفيد المتلقي العربي، شكرا