This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Hi there,
I have a client that has asked for a summary of the security features built into Silverstripe 3. I am looking for a 1 page summary of the built-in security features, but i cannot seem to find it on the Silverstripe site. Any ideas where i can get that?
Thanks
Usually it's other way around, asking a third party with an unopinionated view of things to create a security audit about what is not secure. Of course you could compile a list of buzz words about basic webdev and webserver security, but I don't think this has any meaning for you client otherthan be overwhelmed about things they don't understand -- on the other hand this might be something they looking for...
http://docs.silverstripe.org/en/3.1/developer_guides/security/secure_coding/
Silverstripe covers all the normal things.
The rest is up to the developer (no matter how good the sytem, if a dev circumvents it, it can't prevent that)
And operations (server security).
Thanks everyone...this has bee really helpful. I realize that ultimately security is the responsibility of the dev, but it is good to know that Silverstripe has so many security features already built in.
Thanks everyone...this has bee really helpful. I realize that ultimately security is the responsibility of the dev, but it is good to know that Silverstripe has so many security features already built in.
