Foren

  1. Startseite
  2. Portal
  3. How secure is the community edition

How secure is the community edition

Peter Hellstrand, geändert vor 12 Jahren.

How secure is the community edition

Regular Member Beiträge: 166 Beitrittsdatum: 30.11.11 Neueste Beiträge
Hi

How secure is the community edition compared to the EE?
thumbnail
David H Nebinger, geändert vor 12 Jahren.

RE: How secure is the community edition

Liferay Legend Beiträge: 14916 Beitrittsdatum: 02.09.06 Neueste Beiträge
EE gets further testing. EE will get regular patch releases when security issues are found and addressed.

CE does not. CE is updated on Liferay's schedule and that's not typically driven by security fixes to be released. If you're lucky there's a patch you can grab from Jira and apply to your code but this can get tricky if you've made your own mods (which you shouldn't) or have applied other patches this patch isn't aware of.

It's safe to say that you really should not be using CE for any internet-facing (internet or extranet) scenario if you have any data you really want to protect. EE is the only option IMHO for these sites.
Peter Hellstrand, geändert vor 12 Jahren.

RE: How secure is the community edition

Regular Member Beiträge: 166 Beitrittsdatum: 30.11.11 Neueste Beiträge
Ok Thanks

I am not creating a banking application emoticon. The data is not very sensitive. My biggest concern is the users passwords. I do not want the passwords to leak if my users use the same passwords on other sites.

My application is very small.

What is EE pricing?
thumbnail
David H Nebinger, geändert vor 12 Jahren.

RE: How secure is the community edition

Liferay Legend Beiträge: 14916 Beitrittsdatum: 02.09.06 Neueste Beiträge
You'd have to contact sales for that info, I don't know how they calculate the rates.

If it's just passwords in the clear you're worried about, you may be okay w/ throwing it behind an SSL certificate. CE supports using SSL, and that will get you by that requirement.

But if you're planning on collecting credit cards, SSNs or other sorts of privacy data, would be hosting sensitive data (i.e. medical records, school records, etc.), doing some B2B work, you really would need to consider EE rather than CE...
Peter Hellstrand, geändert vor 12 Jahren.

RE: How secure is the community edition

Regular Member Beiträge: 166 Beitrittsdatum: 30.11.11 Neueste Beiträge
Thank you

Then I guess CE fill fit my needs.
thumbnail
Hitoshi Ozawa, geändert vor 12 Jahren.

RE: How secure is the community edition

Liferay Legend Beiträge: 7942 Beitrittsdatum: 24.03.10 Neueste Beiträge
FYI, many portal doesn't allow user entries (e.g. forums), so xss isn't too much of an issue. It's only on Internet portals allowing entries from unknown users when security becomes a major issue. By "unknown users", I'm referring to a portal where users can request an account by themselves. If users are required to submit credentials to obtain an account, it's possible to track who the culpit was when there's a security bleach, so users are less prone to hacking the system.