Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

how secure is SilverStripe?

Go to End

5 Posts   3777 Views


Community Member, 11 Posts

15 May 2008 at 7:59pm


Newly come here I must admit the demos and features of SilverStripe look great to me.

Before using SS on a production website I'd like to now how secure it is against hacking... is there, for instance, any systematic vulnerability check conducted... or any forum thread gathering exploits and patches... I found none of those.

Thanks for your comments.


Community Member, 67 Posts

15 May 2008 at 9:58pm

The only incident I've heard about is this:

But it seems it wasn't because of SilverStripe.


Forum Moderator, 5523 Posts

18 May 2008 at 9:27pm

The most common security error I have come across is people not changing the default admin/password. Also running the site in 'Live' mode rather then 'Dev' mode on servers is also recommended as Dev mode will output error logs which may contain your DB details as I found out. If you have any recommendations or come across anything you think could be exploited feel free to let us know!


Community Member, 201 Posts

19 May 2008 at 11:30am

Stating the the security of any bit of software is flawless is just inviting trouble, so I'm not going to claim that, however I can say that to date there have been no known security breaches of SilverStripe sites (and SilverStripe has been deployed on a range of very high profile sites).

There have been a few minor security related bugs which have been discovered over the past 18 or so months, which have all be resolved promptly and (to my knowledge) have never been exploited.


Community Member, 11 Posts

20 May 2008 at 9:56am

Thanks for all these replies, and be sure I'll keep you posted when going on with my testing.