  • freakout
    Community Member
    49 Posts

    Silverstripe Security

    In recent years, all of the many PHP-based CMS systems out there have had a bad time with security issues, more or less. Is SilverStripe not widely used enough for these issues to have started? Or have the makers learned from the lessons of the others and taken special measures up front? I'm just worried about using SilverStripe now and having to fight the whole thing again, because it seems to start when a system becomes more popular. Is there a security paper or statement, especially regarding the advanced cross-site scripting and SQL injection attacks?

  • Ingo
    Forum Moderator
    801 Posts

    Re: Silverstripe Security

    Security issues are not strictly inherent to the language they're based on - very large-scale services run on PHP just fine (and securely). We've had a pretty good track record of security holes so far - with the one exception that was just announced on our blog. I can understand your concern, and nobody can guarantee you that any web-accessible code is 100% secure, but we're definitely conscious of the issues. As an example, we built CSRF protection into all of our form submissions by default.

    In terms of public statements and documentation, have a look at:
    http://doc.silverstripe.com/doku.php?id=secure-development
    http://doc.silverstripe.com/doku.php?id=security&s=secure
    http://doc.silverstripe.com/doku.php?id=security-statement&s=secure

    Let us know if you've got specific questions on securing your application, or if you have advice on how we can do better in communicating our security statements or documentation!
