Thread: Best CMS?
04-07-2008, 05:32 PM
Robbie
Leaner, Meaner, Faster
 
Join Date: Aug 2002
Location: Vegas
Posts: 20,959
Quote:
Originally Posted by AJHall
Here's the response I was given from the technical end:

With software, security is not something that you either have or don't have in your product. Security is a process. It comes from analyzing all possible and present attack vectors and minimizing or eliminating those risks.

Here are some of the ways that ElevatedX minimizes those risks.

Members Area:
-------------

Input Validation: All input to our system (things like ?id=1 and posted values) is always validated. If we're expecting id to be a number, strictly convert id into a number.

SQL Escaping: If we're expecting a value that's not a number, ALWAYS make sure the data is escaped properly. For a semi-humorous idea of what happens when you don't escape your inputs, check out this comic:
http://xkcd.com/327/


Included code: We don't include code from external URLs. Our CMS is self contained, and NEVER runs code based on outside user input.

Containment: 99% of the functionality of our CMS is contained within functions or classes.

Admin Area:
-----------

Authentication: Our admin area requires a username and password to get into the system. If there are too many failed attempts at logging in for a specific user, our login page prompts for a captcha in addition to a login / password. This is exactly the way Gmail works for logging in.

Permissions: Our admin area does strict checking to see if your user has permission to perform specific actions (delete sets, whatnot). While this is more of a feature than a security process, we always make sure that if you're going to do something like delete a set, you're logged in as a user that allows you to do that.

Exploits and Backdoors:
-----------------------

Our software has no backdoors. We have absolutely no benefit putting them into our system. We're trying to gain new customers, not alienate them!

We currently have not run into any exploits for our software since our CMS has been released, and we're proud of this record. However, in the event that an exploit is discovered, we will address the issue immediately and upgrade all of our customers.

By choosing us, we feel you're making a safe bet.
Thank you sir.
__________________
-Robbie
ClaudiaMarie.Com
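An added example, not part of the original post and not ElevatedX's code: one way to apply the strict numeric conversion of `?id=1` and the safe handling of non-numeric values described in the quoted response, shown in Python with an in-memory SQLite database. The table, column and function names are assumptions, and parameter binding is used here in place of manual escaping.

```python
import sqlite3

def parse_id(raw):
    """Strictly convert a query-string value such as ?id=1 to a positive int."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit():
        raise ValueError("id must be a decimal number")
    value = int(raw)
    if not 0 < value < 2**31:
        raise ValueError("id out of range")
    return value

def make_db():
    # Constructed sample data (hypothetical schema), held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sets (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO sets VALUES (?, ?, ?)",
                   [(1, "Public set", 0), (2, "Unreleased set", 1)])
    return db

def get_set_unsafe(db, raw_id):
    # Before: raw input is concatenated into the statement text, so anything
    # after the number becomes part of the WHERE clause.
    sql = "SELECT title FROM sets WHERE hidden = 0 AND id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def get_set(db, raw_id):
    # After: validate the type first, then bind the value as a parameter.
    return [row[0] for row in db.execute(
        "SELECT title FROM sets WHERE hidden = 0 AND id = ?", (parse_id(raw_id),))]

def search_titles(db, raw_term):
    # Non-numeric input: bound as data, never spliced into the SQL text.
    # LIKE wildcards are escaped separately so "%" matches a literal percent.
    term = raw_term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return [row[0] for row in db.execute(
        "SELECT title FROM sets WHERE hidden = 0 AND title LIKE ? ESCAPE '\\'",
        ("%" + term + "%",))]
```
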