Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

Silverstripe Security

2 Posts   1606 Views


Community Member, 49 Posts

1 November 2008 at 4:29am

In the last few years, all of the many PHP-based CMS systems out there have had a bad time with security issues, more or less. Is SilverStripe not widely used enough for these issues to start? Or have the makers learned from the lessons of the others and taken special measures in advance? I'm just worried about using SilverStripe now and having to fight the whole thing again, because it seems to start when a system is becoming more popular. Is there a security paper or statement - especially regarding the advanced Cross-Site Scripting and SQL injection attacks?


Forum Moderator, 801 Posts

1 November 2008 at 11:16am

Security issues are not strictly inherent to the language they're based on - very large-scale services run on PHP just fine (and securely). We've had a pretty good track record of security holes so far - with the one exception that was just announced on our blog. I can understand your concern, and nobody can guarantee you that any web-accessible code is 100% secure, but we're definitely conscious of the issues. As an example, we built CSRF protection into all of our form submissions by default.

In terms of public statements and documentation, have a look at:

Let us know if you've got specific questions on securing your application, or if you have advice on how we can do better in communicating our security statements or documentation!