Where to hire a smart security specialist for CMF?
Where to hire a smart security specialist for CMF (in particular, Symfony)?
Briefly, the crux of the problem is:
sql > update roles = "ROLES_ADMIN" where username = 'hacker';
site.com/admin
Welcome admin Hacker! Whatsup.
And this is apparently just the tip of the security iceberg for CMF.
And what about CMF?
The CMF is nothing more than a skeleton for a web application, and the holes that appear as a result depend on the skill of the application's developer.
If you need an audit of a FINISHED web application, then look for companies providing such services: expensive, slow, and it works only until the first intervention of crooked hands in the code.
As has been said, this is not Symfony's problem; the protection of practically any site flies `to hell` when an attacker has access to the database or to the code. If you want to go to the trouble, create another hash field that will confirm the current role, and make a subscriber that will run on every request to the site. Symfony is primarily a development tool that provides basic capabilities, and you (the programmer) implement your ideas based on the customer's persecution mania and the global conspiracy.
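A sketch of the "hash field that confirms the current role" idea from the answer above, added here as an example and not code from the thread or from Symfony. It assumes the HMAC key is kept outside the database; the function names, the `role_mac` column and the sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration. Assumption: the HMAC key is stored outside the database
// (environment variable, secrets manager), so write access to the users table
// alone does not let anyone produce a valid tag.

/** Canonical encoding of everything the tag protects (hypothetical helper). */
function roleMacInput(int $userId, string $username, array $roles): string
{
    $roles = array_values(array_unique($roles));
    sort($roles, SORT_STRING); // role order must not change the tag
    return json_encode([$userId, $username, $roles], JSON_THROW_ON_ERROR);
}

/** Tag the application stores in the extra column whenever it changes roles. */
function computeRoleMac(string $key, int $userId, string $username, array $roles): string
{
    return hash_hmac('sha256', roleMacInput($userId, $username, $roles), $key);
}

/** Per-request check; in a Symfony app a request event subscriber would call it. */
function rolesAreAuthentic(string $key, array $row): bool
{
    $expected = computeRoleMac($key, $row['id'], $row['username'], $row['roles']);
    // hash_equals compares in constant time; a missing tag counts as a mismatch.
    return hash_equals($expected, (string) ($row['role_mac'] ?? ''));
}

// Constructed sample data: two user rows as the application wrote them.
$key   = random_bytes(32); // stand-in for a key loaded from outside the DB
$user  = ['id' => 7, 'username' => 'hacker', 'roles' => ['ROLES_USER']];
$admin = ['id' => 1, 'username' => 'root',   'roles' => ['ROLES_ADMIN']];
$user['role_mac']  = computeRoleMac($key, $user['id'], $user['username'], $user['roles']);
$admin['role_mac'] = computeRoleMac($key, $admin['id'], $admin['username'], $admin['roles']);

echo 'untouched row:         ', var_export(rolesAreAuthentic($key, $user), true), PHP_EOL;

// The roles column is edited directly in the database, as in the question.
$user['roles'] = ['ROLES_ADMIN'];
echo 'roles edited in DB:    ', var_export(rolesAreAuthentic($key, $user), true), PHP_EOL;

// Copying the admin's tag does not help: id and username are bound into it.
$user['role_mac'] = $admin['role_mac'];
echo 'tag copied from admin: ', var_export(rolesAreAuthentic($key, $user), true), PHP_EOL;
```

This only raises the bar for someone who can write to the database but cannot read the key or change the code; as the answer says, access to the code defeats it.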