Security considerations
When using Yii2, it's important to follow security best practices in order to protect your application, the servers it runs on, the data we collect, and the end users who entrust us with this information. In previous chapters, we explored how we can use the yii\base\Security class to safely encrypt and hash data and how to use hashing algorithms such as Bcrypt to secure passwords. In this section, we'll cover some additional security best practices that we can apply when building our applications.
Certificates
In almost every application that Yii2 will be providing the backend for, our clients (browsers or native clients) will communicate with our application over HTTP (Hypertext Transfer Protocol). An easy way to ensure that the information our users submit from their clients reaches our servers in the same state it left in is to encrypt the traffic between our clients and the server with a certificate signed by a trusted certificate...