Concrete5 & Security
Hello All,
I am deciding whether or not to use c5 for a new large project I have and was looking for some advice.
It's for a large accountancy practice, and we will be storing the accountants' clients' documents in the system. They will log in and gain access to their own company's accounts. Obviously the data is highly sensitive.
How secure is C5 for this purpose..? Mainly on the account side and also hacking..?
Would you suggest SSL for the login and account profiles or is this more for e-commerce..?
Thanks
Thank you for the update.
Is there a global method of forcing pages to load using SSL in C5..?
I would want the '/login' page and all profile single pages I will be creating to use SSL and will need to enable this.
Thanks
Hi,
The easiest way to make sure you are always in SSL on your site is to just set the directive in .htaccess and let Apache deal with it.
I am sure there are other means of approaching the problem but this seems like the most direct route to me.
Here is one discussion over on Stack Overflow:
http://stackoverflow.com/questions/11766995/force-ssl-and-www-toget...
That should get you pointed in the right direction.
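The .htaccess approach described in the reply above, as an added example that is not part of the original post or of concrete5's own files. It assumes Apache with mod_rewrite and mod_headers, TLS terminated by Apache itself, pretty URLs enabled, and a hypothetical /profile path for the profile pages.

```apache
# Added example: place above concrete5's own rewrite rules in the site root .htaccess.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Path-limited variant (weaker, left commented out): only the login and
    # profile pages are redirected, so the session cookie issued at /login is
    # still sent over plain HTTP on every other page of the site.
    # "profile" is an assumed path, not taken from the thread.
    # RewriteCond %{HTTPS} !=on
    # RewriteRule ^(login|profile)(/.*)?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

    # Site-wide variant: every plain-HTTP request is redirected to HTTPS.
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

<IfModule mod_headers.c>
    # Ask browsers to use HTTPS on later visits (expr syntax needs Apache 2.4.10+).
    Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"
</IfModule>
```

If TLS is terminated on a load balancer or proxy in front of Apache, %{HTTPS} stays off and the condition has to test the forwarded-protocol header that proxy sets instead, otherwise the redirect loops.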
Yes, I would run everything through SSL. I'd also explore PCI compliance on the server.
best wishes
Franz Maruna
CEO - concrete5.org
http://about.me/frz