Vinay Lal, Web Developer and Content Creator

SilverStripe Security: Is SilverStripe Secure?

secure coding

Security matters for any website. SilverStripe ships with some powerful and easy-to-use security features, including functions your developers can use to escape and sanitise data, and the ability to create CMS users with different permissions to edit the CMS and more. In this post I'll discuss some of the security features of SilverStripe CMS.

Security for developers:

The SilverStripe framework gives you, as a developer, a lot of tools for writing code in a secure way. Used consistently, they make your web application more secure. Let's go through some of them.

Escaping to avoid SQL Injection:

SQL injection can occur when a site builds SQL statements out of user-supplied data. A common example is a login form: the username and password a user types are used in a SQL statement that checks the credentials against the database. An attacker can put SQL syntax into the username or password field so that it changes the meaning of the query, exposing or altering data the query was never meant to touch. Escaping (or, better, parameterising) the data the user entered is how you avoid this.

So how does SilverStripe help to avoid SQL injection? The framework gives you an ORM (DataObject::get(), filter(), exclude(), sort() and friends) that makes fetching data easier, and these methods escape or parameterise the values you pass to them automatically. For example, if you filter or sort records from the database using these functions, the values are escaped for you. Most of the time in SilverStripe you are using these functions and not writing your own SQL statements, so the framework is doing this work for you.

There are cases where this does not apply, though: when you write raw SQL yourself (DB::query() or hand-built query objects), when a column or table name, rather than a value, comes from user input, or when you take URL parameters (GET variables) and use them directly. In those cases you have to escape manually or use a prepared query with bound parameters.

If you want to read more about what is and isn't escaped you can refer to SilverStripe's own documentation here (under the Secure Coding section > SQL Injection section), and you can also read more about what SQL injection is (with examples) here.
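To make the difference concrete, here is an added example (it is not code from the original post, nor SilverStripe's own code) showing a vulnerable raw query next to the three safe alternatives, plus the case escaping does not cover. It assumes SilverStripe 4 class names; the controller, its actions and the "email" and "sort" parameters are hypothetical.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes SilverStripe 4 namespaces; the controller, action and query
// parameter names are hypothetical.
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Core\Convert;
use SilverStripe\ORM\DB;
use SilverStripe\Security\Member;

class MemberLookupController extends Controller
{
    private static $allowed_actions = ['unsafe', 'lookup'];

    // VULNERABLE: the email from the query string is concatenated straight into SQL.
    // ?email=' OR '1'='1 makes the WHERE clause always true and returns every member.
    public function unsafe(HTTPRequest $request)
    {
        $email = $request->getVar('email');
        $rows = DB::query("SELECT \"ID\", \"Email\" FROM \"Member\" WHERE \"Email\" = '{$email}'");
        return (string) $rows->numRecords();
    }

    // SAFE: the same lookup without trusting the input.
    public function lookup(HTTPRequest $request)
    {
        $email = (string) $request->getVar('email');

        // 1. The ORM. Values passed to filter()/exclude() are bound as
        //    parameters, so the quote in the payload above is just data.
        $members = Member::get()->filter(['Email' => $email]);

        // 2. Raw SQL with bound parameters, for queries the ORM cannot express.
        $rows = DB::prepared_query(
            'SELECT "ID", "Email" FROM "Member" WHERE "Email" = ?',
            [$email]
        );

        // 3. Manual escaping, if you really must build the string yourself.
        //    raw2sql() with $quoted = true returns the value already wrapped in quotes.
        $sql = 'SELECT "ID" FROM "Member" WHERE "Email" = ' . Convert::raw2sql($email, true);
        $rows = DB::query($sql);

        // Escaping covers VALUES only. A column name or sort expression taken
        // from the request is an identifier, so validate it against an allow-list
        // instead of escaping it.
        $sort = (string) $request->getVar('sort');
        $allowedSorts = ['Surname', 'FirstName', 'Created'];
        if (!in_array($sort, $allowedSorts, true)) {
            $sort = 'Surname';
        }
        $members = $members->sort($sort, 'ASC');

        return (string) $members->count();
    }
}
```

The point of the last block is the one that trips people up: filter() protects the value of Email, but nothing can "escape" a column name, so the only defence for a user-chosen sort field is to compare it against the names you are prepared to accept.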

Cross Site Scripting:

Cross-site scripting (XSS) is another form of malicious user input. For example, someone could enter JavaScript into the search field on your website. Depending on how your site is built, that JavaScript might be output somewhere on a page and run in other visitors' browsers. For this reason you want to escape such input when you output it, and it is also a good idea to sanitise data like this before you store it.

Another example is a malicious CMS user who enters JavaScript into a WYSIWYG editor. SilverStripe has a setting (server-side sanitisation of the HTML editor field) which strips such tags on the server side, rather than trusting the editor running in the browser to do it.

If for some reason un-sanitised user input was saved to the database and later printed out in a template, SilverStripe can help you escape it at that end. When you output a field in a template, SilverStripe escapes it according to the field's declared type: Varchar and Text fields are XML-escaped automatically, while HTMLText is output as-is, so anything stored as HTMLText must already have been sanitised. There are a few more specific cases where you need to be alert and take action to stop XSS attacks. You can read more about them here (under the Secure Coding section > Cross-Site Scripting section).

A related subject is that you can restrict which HTML elements a CMS user is allowed to enter into the WYSIWYG editor. Script tags can be removed as we have mentioned, but you could also stop people from inserting iframes, for example.

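The following added example (not code from the original post or from SilverStripe) pulls the pieces above together: a DataObject whose field types decide what the template escapes, a search action that reflects the search term safely, and the two editor settings that sanitise on the server and shut out <script> and <iframe>. It assumes SilverStripe 4 class names; the Comment and SearchController classes, the "q" parameter and the element list are hypothetical.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes SilverStripe 4 namespaces; the classes, fields and element list are hypothetical.
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Convert;
use SilverStripe\Forms\HTMLEditor\HTMLEditorConfig;
use SilverStripe\Forms\HTMLEditor\HTMLEditorField;
use SilverStripe\ORM\DataObject;

class Comment extends DataObject
{
    // The field type decides what a template does with the value:
    // Varchar/Text are XML-escaped on output, HTMLText is printed verbatim.
    private static $db = [
        'Author' => 'Varchar(100)',   // $Author in a template: <script> becomes &lt;script&gt;
        'Body'   => 'Text',           // same: safe to echo straight from user input
        'Rich'   => 'HTMLText',       // NOT escaped: only ever store sanitised HTML here
    ];

    // Values computed in PHP are escaped too, as long as you declare their type.
    // $Teaser in a template is escaped as Text; $Teaser.RAW would bypass that.
    private static $casting = [
        'Teaser' => 'Text',
    ];

    public function getTeaser()
    {
        return substr((string) $this->Body, 0, 80);
    }
}

class SearchController extends Controller
{
    private static $allowed_actions = ['results'];

    // Echoing the search term back. Reflected XSS happens when the raw term
    // ends up inside markup; raw2xml() turns <, >, & and quotes into entities.
    public function results(HTTPRequest $request)
    {
        $term = (string) $request->getVar('q');
        // DANGEROUS: return "<h1>Results for {$term}</h1>";
        // ?q=<script>alert(document.cookie)</script> would then run in the visitor's browser.
        $safeTerm = Convert::raw2xml($term);
        return "<h1>Results for {$safeTerm}</h1>";
    }
}

// CMS side (would normally live in app/_config.php):
// strip disallowed markup on the server when the field is saved, so a tampered
// or bypassed browser editor does not matter...
Config::modify()->set(HTMLEditorField::class, 'sanitise_server_side', true);

// ...and narrow what the 'cms' editor accepts: no <script>, and no <iframe> either.
// The default configuration lists iframe under extended_valid_elements, so both
// options have to be replaced, not just valid_elements.
$editor = HTMLEditorConfig::get('cms');
$editor->setOption('valid_elements', 'p,br,strong/b,em/i,a[href|title|target],ul,ol,li,h2,h3,blockquote');
$editor->setOption('extended_valid_elements', 'img[class|src|alt|title|width|height]');
```

The server-side sanitiser uses the same element list as the editor, so restricting valid_elements does double duty: the browser editor refuses the markup, and anything pasted around it is removed on save.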
Cross-Site Request Forgery:

SilverStripe has a default measure against this. When you build a form with the SilverStripe Form object, the framework generates a random security token, stores it in the user's server-side session and adds it to the form as a hidden field (SecurityID). A submission that does not carry the matching token is rejected before your form handler runs. In a CSRF attack, the attacker gets the victim's browser to submit a request to your form's submission URL from a page on another site; because that page cannot read the token from the victim's session or from your page, the forged request fails the check.

You can read more about CSRF, including examples, here.
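An added example (not code from the original post or from SilverStripe) of both sides of this: a form that gets the token check for free, and a hand-written endpoint that has to perform the check itself. It assumes SilverStripe 4 class names; the controller, form and action names are hypothetical.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes SilverStripe 4 namespaces; controller, form and action names are hypothetical.
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\TextField;
use SilverStripe\Security\Security;
use SilverStripe\Security\SecurityToken;

class ProfileController extends Controller
{
    private static $allowed_actions = ['ProfileForm', 'deleteAccount'];

    // A Form object gets the protection for free: a hidden SecurityID field is
    // added, and doProfile() is only reached if the submitted value matches the
    // token held in the user's session.
    public function ProfileForm()
    {
        $fields = FieldList::create(TextField::create('FirstName', 'First name'));
        $actions = FieldList::create(FormAction::create('doProfile', 'Save'));
        $form = Form::create($this, 'ProfileForm', $fields, $actions);
        // $form->disableSecurityToken(); // this one line would reopen CSRF on the form
        return $form;
    }

    public function doProfile(array $data, Form $form)
    {
        $member = Security::getCurrentUser();
        if (!$member) {
            return $this->httpError(403);
        }
        $member->FirstName = $data['FirstName'];
        $member->write();
        return $this->redirectBack();
    }

    // A hand-written endpoint (for example one called from your own JavaScript)
    // gets no automatic check, so do it explicitly: require POST and a valid token.
    public function deleteAccount(HTTPRequest $request)
    {
        if (!$request->isPOST()) {
            return $this->httpError(405, 'POST required');
        }
        // checkRequest() reads SecurityID from the request and compares it with
        // the session copy; a page on another site cannot know that value.
        if (!SecurityToken::inst()->checkRequest($request)) {
            return $this->httpError(400, 'Missing or invalid security token');
        }
        $member = Security::getCurrentUser();
        if (!$member) {
            return $this->httpError(403);
        }
        $member->delete();
        return $this->redirect('/');
    }

    // Expose the token to the page (e.g. $CsrfToken in the template) so your
    // JavaScript can send it back as a SecurityID parameter.
    public function getCsrfToken()
    {
        return SecurityToken::inst()->getValue();
    }
}
```

Requiring POST is not itself a CSRF defence (a cross-site form can POST), but it stops the destructive action being triggered by a simple link or image tag, and it keeps the token out of URLs and server logs.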

Casting User Input:

Casting means forcing a variable to be of a particular type, for example an integer. In your PHP you can cast a value you receive from a user to the type a legitimate request would carry. So when you are working with input that may come from a malicious user, such as a search term, a form submission (GET or POST) or a URL parameter, cast it to the expected type first. This reduces the risk of code that assumes it has a number or a short string being handed something else. More details on casting here.
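Here is an added example (not code from the original post or from SilverStripe) of casting a record ID and validating two search parameters, including the edge cases where a cast silently changes the value. It assumes SilverStripe 4 class names and a Director route of the usual "$Action/$ID" shape; the InvoiceController and Invoice classes and the "year" and "email" parameters are hypothetical.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes SilverStripe 4 namespaces and a route like 'invoices//$Action/$ID';
// the controller, the Invoice class and its fields are hypothetical.
use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest;

class InvoiceController extends Controller
{
    private static $allowed_actions = ['view', 'search'];

    // /invoices/view/42 -> 42, /invoices/view/42abc -> 42, /invoices/view/abc -> 0.
    // (int) never yields anything but an integer, so the value can go anywhere an
    // integer is expected; anything <= 0 is simply not a valid record.
    public function view(HTTPRequest $request)
    {
        $id = (int) $request->param('ID');
        if ($id <= 0) {
            return $this->httpError(404);
        }
        $invoice = Invoice::get()->byID($id);
        // Casting says nothing about WHO may see the record: still check permissions,
        // and answer 404 either way so IDs cannot be enumerated.
        if (!$invoice || !$invoice->canView()) {
            return $this->httpError(404);
        }
        return $invoice->renderWith('Invoice');
    }

    // For values with more shape than "an integer", validate rather than just cast.
    public function search(HTTPRequest $request)
    {
        $year = (int) $request->getVar('year');           // "2019abc" -> 2019, "abc" -> 0
        if ($year < 2000 || $year > (int) date('Y')) {
            return $this->httpError(400, 'year out of range');
        }
        $email = filter_var((string) $request->getVar('email'), FILTER_VALIDATE_EMAIL);
        if ($email === false) {
            return $this->httpError(400, 'invalid email');
        }
        $results = Invoice::get()->filter([
            'CustomerEmail' => $email,
            'Created:GreaterThanOrEqual' => $year . '-01-01',
            'Created:LessThan' => ($year + 1) . '-01-01',
        ]);
        return (string) $results->count();
    }
}
```

Note the asymmetry: a cast guarantees the type but quietly accepts "42abc" as 42, so where the exact value matters (a year range, an email address) follow the cast with a range or format check.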

Filesystem:

Most of the time it is enough to restrict what files a user can upload. For example, SilverStripe's default list of allowed extensions does not include file types such as .html or .xml, which can contain malicious code or links to it, so uploads of those are refused. You can also restrict which image types a user can upload, for example allowing only PNGs and no GIFs.

SilverStripe does quite a lot more in this regard, which you can read about here.
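An added example (not code from the original post or from SilverStripe) of the two layers: the site-wide extension allow-list, and a tighter per-field rule on one upload field. It assumes SilverStripe 4 class names; the Profile class, its Avatar relation and the folder name are hypothetical.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes SilverStripe 4 namespaces; the Profile class and Avatar relation are hypothetical.
use SilverStripe\AssetAdmin\Forms\UploadField;
use SilverStripe\Assets\File;
use SilverStripe\Assets\Image;
use SilverStripe\Core\Config\Config;
use SilverStripe\ORM\DataObject;

// Site-wide: File.allowed_extensions is the outer boundary; nothing outside it
// can be uploaded anywhere. A short explicit list is easier to reason about than
// the default, and keeps html, svg (which can carry scripts), js and xml out.
// (Would normally be YAML in app/_config/; shown in PHP to keep one file.)
Config::modify()->set(File::class, 'allowed_extensions', [
    'jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf', 'docx', 'xlsx', 'zip',
]);

class Profile extends DataObject
{
    private static $has_one = [
        'Avatar' => Image::class,
    ];

    public function getCMSFields()
    {
        $fields = parent::getCMSFields();

        $avatar = UploadField::create('Avatar', 'Avatar');
        // Per-field: tighter than the site-wide list. Only PNG and JPEG, no GIF,
        // plus a size cap so a multi-gigabyte "image" cannot exhaust disk or memory.
        $avatar->setAllowedExtensions(['png', 'jpg', 'jpeg']);
        $avatar->setAllowedMaxFileSize('2m');
        $avatar->setFolderName('avatars');

        $fields->replaceField('Avatar', $avatar);
        return $fields;
    }
}
```

An extension check looks at the file name, not the contents, so a renamed file still gets through; if that matters for your site, add a MIME-type check (the silverstripe/mimevalidator module does this) and make sure the web server never executes anything under assets/.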

Passwords:

Passwords are stored as salted hashes, so the actual password is not visible to anyone, including someone who can read the database. You can also enforce 'strong password' rules in SilverStripe, if you or your developer wish to, by configuring a PasswordValidator (minimum length, required character classes, no reuse of recent passwords). If you are a dev you can read more about how to do this here.
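An added example (not code from the original post or from SilverStripe) of configuring that validator and checking two candidate passwords against it. It assumes the SilverStripe 4 PasswordValidator setter names (the 3.x method names differ) and would normally sit in app/_config.php.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes the SilverStripe 4 PasswordValidator API; would normally live in app/_config.php.
use SilverStripe\Security\Member;
use SilverStripe\Security\PasswordValidator;

$validator = PasswordValidator::create();

// At least 12 characters. Length is the single most effective requirement.
$validator->setMinLength(12);

// A password must contain at least 3 of these 4 character classes.
$validator->setTestNames(['lowercase', 'uppercase', 'digits', 'punctuation']);
$validator->setMinTestScore(3);

// No reuse of the member's last 6 passwords (SilverStripe keeps the old hashes).
$validator->setHistoricCount(6);

// From here on every password change for a Member runs through the validator.
Member::set_password_validator($validator);

// Sanity check against a throwaway, unsaved member:
$member = Member::create();
$weak = $validator->validate('password', $member)->isValid();                 // false: 8 chars, one class
$strong = $validator->validate('correct-Horse-battery-9', $member)->isValid(); // true: 23 chars, four classes
```

validate() returns a ValidationResult rather than a boolean, so the messages it carries can be shown to the user explaining which rule failed.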

ClickJacking:

Clickjacking happens when a user of your SilverStripe app is tricked into clicking on something that appears to do one thing but actually does another. The usual technique is to load your page inside an invisible iframe on the attacker's site and overlay it with decoy content, so the victim's clicks land on your page's buttons. SilverStripe can help you stop this by telling the browser, via the X-Frame-Options response header, that your pages must not be displayed inside frames on other sites.

SilverStripe does this by default in the CMS, but you may want the controllers of your own site to send this header as well, especially on a site where people log in. If you are a dev you can read more about how to do this here.

Hostname forgery:

You can define a list of allowed hostnames for your SilverStripe application (the SS_ALLOWED_HOSTS environment setting). SilverStripe uses the Host header of the incoming request when it builds absolute URLs, for example in password-reset emails, so an attacker who sends a request with a forged Host header could otherwise get your application to generate links pointing at a domain they control. With the allow-list in place, requests for any other hostname are rejected. If you are a dev you can read more about how to do this here.

Forcing SSL (HTTPS) in your URLs:

You can also force a SilverStripe application to use HTTPS (once you have bought a certificate or obtained a free one, e.g. from Let's Encrypt). You can do this in an .htaccess file, but SilverStripe also lets you do it in PHP (Director::forceSSL()) in case you don't have access to .htaccess. Having HTTPS is increasingly important, for SEO among other things, and some users will be put off if your site doesn't have it, so it is a good idea to set it up. TLS encrypts everything the user sends to you, and everything you send back, so you are looking after their data by doing this. If you are a dev you can read more about how to do this here.
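The three settings above (frame protection for your own pages, forcing HTTPS, and the hostname allow-list) are small enough to show together. This is an added example, not code from the original post or from SilverStripe; it assumes SilverStripe 4 class names and the standard app/ layout, and the hostnames are placeholders.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes SilverStripe 4 namespaces and the standard app/ layout; two files are
// shown in one listing, separated by comments.
use SilverStripe\CMS\Controllers\ContentController;
use SilverStripe\Control\Director;

// ---- app/src/PageController.php -------------------------------------------
// Every page of the site, not just the CMS, tells the browser it may not be
// embedded in a frame on another origin, which defeats the overlay trick
// clickjacking relies on. Without this only the CMS sends the header.
class PageController extends ContentController
{
    protected function init()
    {
        parent::init();
        $response = $this->getResponse();
        $response->addHeader('X-Frame-Options', 'SAMEORIGIN');
        // Same policy in Content-Security-Policy form, which newer browsers prefer.
        $response->addHeader('Content-Security-Policy', "frame-ancestors 'self'");
    }
}

// ---- app/_config.php ------------------------------------------------------
// Redirect every plain-HTTP request to HTTPS, done in PHP for hosts where you
// cannot edit .htaccess. Guarded by isLive() so local dev and test environments
// without a certificate keep working.
if (Director::isLive()) {
    Director::forceSSL();
}

// ---- .env (not PHP; shown here as a comment) ------------------------------
// Hostname forgery: only accept requests, and only build absolute URLs, for
// these Host header values. Any other host gets a 400 instead of, say, a
// password-reset link pointing at an attacker's domain.
// SS_ALLOWED_HOSTS="www.example.com,example.com"
```

Keep the X-Frame-Options header on the login page in particular: a login form that can be framed is the classic clickjacking target.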

Security in the CMS:

Some of the secure coding features above add important layers to the CMS itself, so it is more secure for site owners and editors. That gives you more peace of mind when creating logins for new staff, guest bloggers or third-party consultants.

On top of this, a nice feature of SilverStripe is the 'Groups and Permissions' control you have when creating new users. SilverStripe lets you put new users into a 'group', for example a 'content editors' group, and define what that group is allowed to do in the CMS. These rules are called 'Permissions'. This is out-of-the-box functionality for any SilverStripe install and can be administered via the CMS.
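On the developer side, groups and permissions show up as permission codes and the can*() methods on your data objects. The added example below (not code from the original post or from SilverStripe) registers a custom permission a site owner can tick for a group in the CMS and uses it to guard a custom operation. It assumes SilverStripe 4 class names; the PressRelease class and the PRESS_RELEASE_PUBLISH code are hypothetical.

```php
<?php
// Added example (not code from the original post or from SilverStripe itself).
// Assumes SilverStripe 4 namespaces; the PressRelease class and its permission code are hypothetical.
use SilverStripe\ORM\DataObject;
use SilverStripe\Security\Permission;
use SilverStripe\Security\PermissionProvider;

class PressRelease extends DataObject implements PermissionProvider
{
    private static $db = [
        'Title'     => 'Varchar(200)',
        'Body'      => 'HTMLText',
        'Published' => 'Boolean',
    ];

    // Registers a new permission code. It appears as a checkbox under
    // Security > Groups > (group) > Permissions, so a site owner can grant it
    // to, say, a "Press office" group without touching code.
    public function providePermissions()
    {
        return [
            'PRESS_RELEASE_PUBLISH' => [
                'name'     => 'Publish press releases',
                'category' => 'Press releases',
                'help'     => 'Make a press release visible on the public site',
            ],
        ];
    }

    // The can*() hooks are what the CMS (and your own code) consult. DataObject's
    // defaults allow only ADMIN, so you override them to open access to the right
    // group, and no further than that.
    public function canView($member = null)
    {
        return $this->Published || Permission::check('CMS_ACCESS_CMSMain', 'any', $member);
    }

    public function canEdit($member = null)
    {
        return Permission::check('CMS_ACCESS_CMSMain', 'any', $member);
    }

    public function canCreate($member = null, $context = [])
    {
        return $this->canEdit($member);
    }

    public function canDelete($member = null)
    {
        // Deleting is more destructive than editing, so it takes the admin role.
        return Permission::check('ADMIN', 'any', $member);
    }

    // Custom operation guarded by the custom code. Members with ADMIN pass
    // Permission::check() for every code, so administrators are covered too.
    public function canPublish($member = null)
    {
        return Permission::check('PRESS_RELEASE_PUBLISH', 'any', $member);
    }

    public function publish()
    {
        if (!$this->canPublish()) {
            throw new \RuntimeException('Not allowed to publish');
        }
        $this->Published = true;
        $this->write();
    }
}
```

Do the check inside publish() itself, not only in the form or button that calls it, so that a new code path added later (an API endpoint, a bulk action) cannot skip it.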

Passwords:

Passwords are stored in the SilverStripe database as salted hashes, as described above, so they cannot be read back even by an administrator. It is still important to choose strong passwords: they can be hard to remember but are far more secure, and weak or reused passwords are one of the most common ways sites get compromised.

If you are worried about remembering this and all your other passwords, you can do a few things.

Save it in your browser. Chrome, for example, will offer to save login and password details for you.

Or you could use a password manager such as LastPass, which stores passwords and logins for many sites, as well as secure notes. It is free to use and is available as a phone app, a Chrome browser plugin, or via the website, so you have a lot of bases covered. A password manager can also generate a long random password for each site, which removes the temptation to reuse one.

SilverStripe is less of a target than WordPress:

SilverStripe is not as widely used as WordPress and other CMSs, so it gets less automated attention: mass scanners and exploit kits concentrate on the platforms they see most. This is no guarantee, and it is not a substitute for keeping the framework and its modules patched, but it is a nice observation security-wise.

Another specific point: CMSs that let CMS users install plugins themselves (WordPress or Joomla, unlike SilverStripe) carry extra risk, because you are installing code whose security you cannot really judge. You can buy from well-supported vendors and take other precautions, but the reality is that if you install a number of WordPress or Joomla plugins you are quite likely to install something insecure. SilverStripe does not let a CMS user do this, so that particular exposure does not exist.

SilverStripe does have modules that a developer can install (via Composer), and the level of developer tends to be higher in SilverStripe because of its learning curve. Much of the time, however, a developer is building custom functionality for your SilverStripe site, which is why, as we saw in the sections above, SilverStripe makes so many security features available to developers. This way you stand on the shoulders of giants and reap the rewards of a useful framework.