Tuesday, November 11, 2014

Yii Rights Configuration - Extending Base Controller from RController

I won't bother to write "How to install the Yii rights module", since there is pretty good material out there that explains the process, like the official documentation & this article.

The main focus of this post is to highlight a simple configuration step that cost me half a day (I was an absolute beginner) after successfully installing the Yii rights module.

As per the official documentation, you need to extend the application's base controller from RController.

The tricky part for me was finding this base controller, which actually resides in the location below.

"application_path/protected/components/Controller.php"

Once you extend this base controller as per the official documentation (i.e. from RController), you will be able to figure out the rest.

Good luck with your Yii application !!!!


Wednesday, September 12, 2012

IaaS, PaaS & SaaS

With the hype about cloud computing rising, it is worth taking a closer look at the three most popular terms that go along with cloud computing: IaaS, PaaS and SaaS.

  • IaaS - Infrastructure as a Service 
  • PaaS - Platform as a Service 
  • SaaS - Software as a Service 

All of the above terms refer to technologies that allow users to run applications and store data in a cloud environment. What differentiates them is the features, functionality and control offered by each technology.


SaaS

This allows users to use existing applications such as Google Mail, Google Docs or Facebook. You manage neither the equipment nor the software environment; you just use the software to get the required work done. This is the easiest and fastest way to get involved with cloud computing without any hassle.

Pros
  • Free or paid as a subscription fee
  • Can be accessed from anywhere using a computer and an internet connection
  • Multiple users can work at the same time (e.g. Google Docs)
Cons
  • Might not fit the exact business requirement

PaaS

Platform as a Service offers provider-specific APIs (Application Programming Interfaces) for developing your own applications in the cloud. For example, Google offers "App Engine" and Microsoft offers "Azure", which developers can use to develop their applications.

Pros
  • Quick application development with provider specific APIs
  • Development of applications of own choice
Cons
  • Technical restriction of platform provider specific tools and languages
  • Re-usability of the application is restricted

IaaS

IaaS allows users to run any application on any amount of hardware that they choose in the cloud. Users don't need to manage hardware such as servers or switches, but they can request it and get it as they want it. Users have to manage their own software environment by installing or uninstalling any software they wish to have on their own premises.
IaaS is a broader subject, with its branches spreading into private clouds, dedicated hosting, hybrid hosting and cloud hosting, which I'll be explaining in the next blog.

Tuesday, November 15, 2011

Difference between Windows "Audit account logon events" & "Audit logon events"

In Windows, when capturing user login reports, there are two options available to choose from. The naming convention used here is really confusing and does not make any sense to a non-advanced user.
  1. Audit account logon events - Used in a domain controller
  2. Audit logon events - Used in a personal computer
1. Audit account logon events
This setting tracks users logging on to or logging off from another computer when this computer is used to validate the account. In general terms this will be of no use if you have a standalone PC that is not connected to any network.
When a domain user account is authenticated using this computer, this computer will track those logons and logoffs. The event is logged in the local security log.

Event  Description
672    An authentication service (AS) ticket was successfully issued and validated.
673    A ticket granting service (TGS) ticket was granted.
674    A security principal renewed an AS ticket or TGS ticket.
675    Preauthentication failed. This event is generated on a Key Distribution Center (KDC) when a user types in an incorrect password.
676    Authentication ticket request failed. This event is not generated in Windows XP or in the Windows Server 2003 family.
677    A TGS ticket was not granted. This event is not generated in Windows XP or in the Windows Server 2003 family.
678    An account was successfully mapped to a domain account.
681    Logon failure. A domain account logon was attempted. This event is not generated in Windows XP or in the Windows Server 2003 family.
682    A user has reconnected to a disconnected terminal server session.
683    A user disconnected a terminal server session without logging off.



2. Audit logon events
This is the basic setting required by individual standalone computers to track multiple users logging on. It tracks when users log in to Windows using this computer.

Logon events and description

Event  Description
528    A user successfully logged on to a computer. For information about the type of logon, see the Logon Types table below.
529    Logon failure. A logon attempt was made with an unknown user name or a known user name with a bad password.
530    Logon failure. A logon attempt was made outside of the allowed time.
531    Logon failure. A logon attempt was made using a disabled account.
532    Logon failure. A logon attempt was made using an expired account.
533    Logon failure. A logon attempt was made by a user who is not allowed to log on at this computer.
534    Logon failure. The user attempted to log on with a type that is not allowed.
535    Logon failure. The password for the specified account has expired.
536    Logon failure. The Net Logon service is not active.
537    Logon failure. The logon attempt failed for other reasons. Note: In some cases, the reason for the logon failure may not be known.
538    The logoff process was completed for a user.
539    Logon failure. The account was locked out at the time the logon attempt was made.
540    A user successfully logged on to a network.
541    Main mode Internet Key Exchange (IKE) authentication was completed between the local computer and the listed peer identity (establishing a security association), or quick mode has established a data channel.
542    A data channel was terminated.
543    Main mode was terminated. Note: This might occur as a result of the time limit on the security association expiring (the default is eight hours), policy changes, or peer termination.
544    Main mode authentication failed because the peer did not provide a valid certificate or the signature was not validated.
545    Main mode authentication failed because of a Kerberos failure or a password that is not valid.
546    IKE security association establishment failed because the peer sent a proposal that is not valid. A packet was received that contained data that is not valid.
547    A failure occurred during an IKE handshake.
548    Logon failure. The security ID (SID) from a trusted domain does not match the account domain SID of the client.
549    Logon failure. All SIDs corresponding to untrusted namespaces were filtered out during an authentication across forests.
550    Notification message that could indicate a possible denial-of-service attack.
551    A user initiated the logoff process.
552    A user successfully logged on to a computer using explicit credentials while already logged on as a different user.
682    A user has reconnected to a disconnected terminal server session.
683    A user disconnected a terminal server session without logging off. Note: This event is generated when a user is connected to a terminal server session over the network. It appears on the terminal server.

Logon event 528 is described further by its logon type:

Type  Logon title        Description
2     Interactive        A user logged on to this computer.
3     Network            A user or computer logged on to this computer from the network.
4     Batch              Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.
5     Service            A service was started by the Service Control Manager.
7     Unlock             This workstation was unlocked.
8     NetworkCleartext   A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext).
9     NewCredentials     A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections.
10    RemoteInteractive  A user logged on to this computer remotely using Terminal Services or Remote Desktop.
11    CachedInteractive  A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials.
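
To show how the two audit policies and the logon types fit together when reviewing a security log, here is an added example (not part of the original post) that maps event IDs back to the policy that produces them and triages a handful of records. The record field names, the failure threshold and the choice of logon types 8 and 10 for review are assumptions of this example; the sample records are constructed.

```python
from collections import Counter

# Event IDs and logon types as listed in the tables on this page.
ACCOUNT_LOGON = {672, 673, 674, 675, 676, 677, 678, 681, 682, 683}
LOGON = set(range(528, 553)) | {682, 683}
FAILURES = set(range(529, 538)) | {539, 548, 549, 675, 676, 677, 681}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
REVIEW_TYPES = {8, 10}  # assumption: logon types this example surfaces for review


def policies_for(event_id):
    """Return the audit policy (or policies) whose table lists this event ID."""
    found = []
    if event_id in ACCOUNT_LOGON:
        found.append("Audit account logon events")
    if event_id in LOGON:
        found.append("Audit logon events")
    return found


def triage(events, threshold=3):
    """Count failures per user and collect 528 logons of the review types."""
    failures = Counter(e["user"] for e in events if e["id"] in FAILURES)
    noisy = {user: n for user, n in failures.items() if n >= threshold}
    review = [(e["user"], LOGON_TYPES[e["type"]]) for e in events
              if e["id"] == 528 and e.get("type") in REVIEW_TYPES]
    return noisy, review


# Constructed sample records (not real log data); field names are assumptions.
SAMPLE = [
    {"id": 529, "user": "alice", "type": 3},   # bad password over the network
    {"id": 529, "user": "alice", "type": 3},
    {"id": 675, "user": "alice"},              # preauthentication failed on the KDC
    {"id": 539, "user": "alice", "type": 3},   # account locked out
    {"id": 528, "user": "bob", "type": 10},    # Remote Desktop logon
    {"id": 528, "user": "carol", "type": 2},   # console logon
    {"id": 538, "user": "carol"},              # logoff
]

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(policies_for(675), policies_for(683))
```

Events 682 and 683 appear in both tables above, so `policies_for` returns both policy names for them.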