Contact Us
24/7
Python BlogDjango BlogSearch for Kubernetes Big DataSearch for Kubernetes AWS BlogCloud Services

Blog

<< ALL BLOG POSTS

Plone is the Most Secure CMS: 5 Features

|
March 8, 2021

Plone is one of the most secure Content Management Systems (CMSs) on the market. It is open source; it has been around for 20 years; and, knock on wood, it has never had a zero-day exploit. As a result, security is one of Plone's primary selling points, and it’s why many government and security entities choose to operate their websites using Plone.

What makes Plone so secure? Implement these 5 features:

 1. Use RestrictedPython to disable unused Python features

Plone is written and runs on Python. The Python language is very secure and well maintained, but Plone takes it one step further by implementing RestrictedPython. For extra security, RestrictedPython allows users to define a subset of the Python language and disable Python features not being used which could be utilized to attack the system.

 2. Apply security measures to Python Objects using the Zope Object Database

Zope is a free and open source web application server. The Zope Object Database is the object-oriented database where the data from a Plone site is stored. It is not SQL, and data is stored as Python Objects. Storing data as Python Objects allows for security measures to take place at the object level which can't be done with plaintext. The Zope Object Database also features a hierarchical model where objects inherit their parents’ security policies. 

 3. Grant users specific roles and permissions

Every Plone site comes with a set of default roles. Each user can be given a number of roles, and each role can be given certain permissions. Giving certain users view-only access, others edit access and some admin access, allows websites to have fine-tuned security policies. While admins can create new roles, it's best to keep it simple with clearly defined rules. Never grant every user admin access as your site will be more at risk for tampering. 

Website admins can either assign roles on a per-user level or create groups of users and assign roles to groups. There are both global and local permissions, where you could even be as granular as a single content item.

PermissionsandRoles.png

4. Manage and track content workflows

Workflows in Plone represent a way to control access to content as a function of time. To visualize workflows, think about a blog post which can be saved online in 3 different states:

PermissionsandRoles.png