Hello, in terms of security, is October suited to the development of professional websites? Does the developer have some leeway to code as he wants, while enjoying the advantages of October?
Professional websites are usually done by professional web developers that know enough about building secure services (CSRF protection, JWT, etc.) - so yes, it's well suited. ;-) CMS foundations are great, but they are just that - foundations...
October is intrinsically secure in most cases. It is safe to use even for new developers who may lack experience in this area.
Someone deleted my post here. If I violated a forum rule, please let me know. But don't just delete posts about sensible topics like security - otherwise this can be seen as some kind of censorship. I've made some screens to make sure you just can't censor posts.
My concern was regarding the answer from daftspunk:
daftspunk said:
October is intrinsically secure in most cases. It is safe to use even for new developers who may lack experience in this area.
This statement may be interpreted to mean that you don't need to care about security aspects, because October CMS would somewhat magically care for your negligence. Keep in mind that there is no magic going on here, and you will need to take care of developing a secure application by yourself, no matter what you use.
mxh said: This statement may be interpreted to mean that you don't need to care about security aspects, because October CMS would somewhat magically care for your negligence. Keep in mind that there is no magic going on here, and you will need to take care of developing a secure application by yourself, no matter what you use.
Well, Twig autoescaping strategy does look like magic to me...
Eoler said:
mxh said: This statement may be interpreted to mean that you don't need to care about security aspects, because October CMS would somewhat magically care for your negligence. Keep in mind that there is no magic going on here, and you will need to take care of developing a secure application by yourself, no matter what you use.
Well, Twig autoescaping strategy does look like magic to me...
Sure, I'm not saying October doesn't contain any mitigation strategies. But it doesn't contain any magic. To be able to develop a secure application, you need to know what is already taken care of by the framework, and what is not, and how to make sure that the built-in features are being applied correctly.