Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » how secure is SilverStripe?

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1
Go to End
Author Topic: 3362 Views
  • Berteh
    Avatar
    Community Member
    11 Posts

    how secure is SilverStripe? Link to this post

    Hello,

    Newly come here I must admit the demos and features of SilverStripe look great to me.

    Before using SS on a production website I'd like to now how secure it is against hacking... is there, for instance, any systematic vulnerability check conducted... or any forum thread gathering exploits and patches... I found none of those.

    Thanks for your comments.

  • saimo
    Avatar
    Community Member
    67 Posts

    Re: how secure is SilverStripe? Link to this post

    The only incident I've heard about is this:
    http://silverstripe.com/site-builders-forum/flat/41057

    But it seems it wasn't because of SilverStripe.

  • Willr
    Avatar
    Forum Moderator
    5508 Posts

    Re: how secure is SilverStripe? Link to this post

    The most common security error I have come across is people not changing the default admin/password. Also running the site in 'Live' mode rather then 'Dev' mode on servers is also recommended as Dev mode will output error logs which may contain your DB details as I found out. If you have any recommendations or come across anything you think could be exploited feel free to let us know!

  • Tim
    Avatar
    Core Development Team
    201 Posts

    Re: how secure is SilverStripe? Link to this post

    Stating the the security of any bit of software is flawless is just inviting trouble, so I'm not going to claim that, however I can say that to date there have been no known security breaches of SilverStripe sites (and SilverStripe has been deployed on a range of very high profile sites).

    There have been a few minor security related bugs which have been discovered over the past 18 or so months, which have all be resolved promptly and (to my knowledge) have never been exploited.

  • Berteh
    Avatar
    Community Member
    11 Posts

    Re: how secure is SilverStripe? Link to this post

    Thanks for all these replies, and be sure I'll keep you posted when going on with my testing.
    B.

    3362 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.