CMS Architecture - Security

  • DB Abstraction protects against SQL injection
  • XSS protection is built into the translation and theme layers
  • FormAPI - XSRF protected with session+salt hash hidden form elements
  • FormAPI - Prevents submission of non-existent radio/select options
  • Generally, "I love finding custom CMS because I know I can break into it. If I see Drupal and it's up to date I just give up." - paraphrase of Rasmus Lerdorf
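
The two FormAPI checks listed above, sketched as an added example (not Drupal's own code, and not from the original slides): a hidden token derived from the session and a site salt, and rejection of select values the server never offered. The function names, the salt constant and the sample form are hypothetical.

```php
<?php
// Added illustration; not Drupal's Form API. All names here are hypothetical.
const SITE_SALT = 'constructed-example-salt'; // constructed; load from protected config in practice

// Hidden-element token: HMAC of the form id, keyed with session id + site salt.
function form_token(string $sessionId, string $formId): string {
    return hash_hmac('sha256', $formId, $sessionId . SITE_SALT);
}

// Render side: the server-side form definition, including the hidden token.
function build_form(string $sessionId): array {
    return [
        'id'      => 'color_form',
        'token'   => form_token($sessionId, 'color_form'),
        'options' => ['color' => ['red', 'green', 'blue']],
    ];
}

// Submit side: returns a list of errors; an empty list means accepted.
function validate_submission(array $form, string $sessionId, array $post): array {
    $token = $post['token'] ?? null;
    // Recompute the token for this session and compare in constant time.
    if (!is_string($token) || !hash_equals(form_token($sessionId, $form['id']), $token)) {
        return ['invalid form token'];
    }
    $errors = [];
    // Check each choice against the server's definition, never against
    // anything the client sent back.
    foreach ($form['options'] as $field => $allowed) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            $errors[] = "illegal choice for $field";
        }
    }
    return $errors;
}

// Constructed sample submissions.
$sid  = bin2hex(random_bytes(16));
$form = build_form($sid);
$cases = [
    'legitimate'               => ['token' => $form['token'], 'color' => 'green'],
    'token from other session' => ['token' => form_token('other-session', 'color_form'), 'color' => 'green'],
    'option not in form'       => ['token' => $form['token'], 'color' => 'purple'],
];
foreach ($cases as $label => $post) {
    $errors = validate_submission($form, $sid, $post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'accepted', PHP_EOL;
}
```

Run with `php` on the command line: only the first case is accepted, the second fails the token check and the third fails the option check.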