Security - October CMS

This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.

Gck16626

7 years ago

Hello, in security, October is he suited to the development of professional web sites? The developer does it some leeway to code as he wants, while enjoying the advantages of October?

Eoler

7 years ago

Professional websites are usually done by professional web developers that know enough about building secure services (CSRF protection, JWT, etc.) - so yes, it's well suited. ;-) CMS foundations are great, but they are just that - foundations...

daftspunky

7 years ago

Moderator

October is intrinsically secure in most cases. It is safe to use even for new developers who may lack experience in this area.

Last updated 7 years ago

Gck16626

7 years ago

Thank you for your responses

mxh

7 years ago

Someone deleted my post here. If I violated a forum rule, please let me know. But don't just delete posts about sensible topics like security - otherwise this can be seen as some kind of censorship. I've made some screens to make sure you just can't censor posts.

My concern was regarding the answer from daftspunk:

daftspunk said:

October is intrinsically secure in most cases. It is safe to use even for new developers who may lack experience in this area.

This statement may be interpreted that you don't need to care about security aspects, because Ocotober CMS would somewhat magically care for your negligency. Keep in mind that there is no magic going on here, and you will need to take care developing a secure application by yourself, no matter what you use.

Eoler

7 years ago

mxh said: This statement may be interpreted that you don't need to care about security aspects, because Ocotober CMS would somewhat magically care for your negligency. Keep in mind that there is no magic going on here, and you will need to take care developing a secure application by yourself, no matter what you use.

Well, Twig autoescaping strategy does look like a magic to me...

mxh

7 years ago

Eoler said:

mxh said: This statement may be interpreted that you don't need to care about security aspects, because Ocotober CMS would somewhat magically care for your negligency. Keep in mind that there is no magic going on here, and you will need to take care developing a secure application by yourself, no matter what you use.

Well, Twig autoescaping strategy does look like a magic to me...

Sure, I'm not saying October doesn't contain any mitigation strategies. But it doesn't contain any magic. For being able to develop a secure application, you need to know what is already taking care of by the framework, and what not, and how you make sure that the built-in features are being applied correctly.

1-7 of 7

You cannot edit posts or make replies: the forum has moved to talk.octobercms.com.

Latest from the blog

Spletna Postaja Shares Their October CMS Journey [Interview]

We're excited to share a partner spotlight interview with Spletna Postaja, a talented digital agency based in Slovenia. With over 20 years of experience, they've become experts in crafting custom digital solutions, and October CMS plays a central role in their success.

Continue reading →