EPiServer CMS is designed to meet high standards regarding security features within a wide range of scenarios. This section provides an introduction to security features of EPiServer CMS and discusses different aspects related to security and website management.
Security Features of EPiServer CMS
EPiServer CMS has the following security features:
- Authentication and Authorization. The authentication in EPiServer CMS is based on the ASP.NET default framework for
role and membership providers. EPiServer CMS uses a standard API which makes it easy to create your own provider for any type of user database, as well as third-party providers. It is possible to use Single Sign On with EPiServer CMS, and you can also use mobiles and other security tokens to perform part of the authentication. Note that where and how user credentials are stored, depends entirely on the authentication model used.
The separation of authentication and authorization increases flexibility. Making a call to a provider makes it possible to delegate security operations to a separate machine, thereby increasing scalability. Find out more about this area in the section Authorization and Authentication.
- Injection. All code in EPiServer CMS use parameterized API’s to make sure that injection attacks cannot be carried out from untrusted input. There are no code paths in EPiServer CMS that uses untrusted data in XML-related calls.
- Cross-site Scripting (XSS). In EPiServer CMS, user input is filtered and validated to prevent these issues. Depending on the actual piece of information, HTML encoding is also applied to the outgoing data stream to make sure that XSS does not happen. The editorial and administrative interfaces are areas where HTML and scripts are sometimes allowed to be posted and used as-is on a web page. Here, EPiServer CMS relies on its authorization features to ensure that only trusted users can provide content.
- Broken Authentication and Session Management. The authentication and authorization system in EPiServer CMS is based on the ASP.NET default framework for role and membership. EPiServer CMS does not rely on any session data, which increases security as well as improves scalability and performance since a browser session does not need server affinity (from a security perspective). See also the section Protecting Users From Session Hijacking.
- Insecure Direct Object References. In EPiServer CMS the references always goes through at least one layer of indirection with appropriate access controls in place.
- Cross-site Request Forgery (CSRF). EPiServer CMS has a CSRF prevention mechanism that automatically detects forged requests for all system pages. The event validation mechanism in ASP.NET is also enabled for these pages. For the template pages it is possible to activate both the anti-forgery validation as well as the event validation.
- Security Misconfiguration. Any configuration in EPiServer CMS is designed with “secure by default” in mind. Strong security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults.
- Insecure Cryptographic Storage. EPiServer CMS uses verified, strong algorithms. Only a small part of the EPiServer CMS configuration information contains sensitive information such as the ”ConnectionStrings” section. This information can optionally be encrypted by the built-in .NET framework features. Other system assets are stored in an SQL database with full support of the native encryption mechanisms of the database.
- Failure to Restrict URL Access. Sensitive areas of EPiServer CMS such as the edit and admin user interfaces, are protected by default with the standard configuration. Information presented on public-facing web pages are subject to authorization based on the content that is displayed. In no case does EPiServer CMS rely on security through a secret actual URL. Find out more about this area in the section Securing Edit and Admin.
- Insufficient Transport Layer Protection. The single most common piece of sensitive information that is transmitted on the network are the user credentials (username and password). EPiServer CMS fully supports the use of SSL (HTTPS protocol) for any web page that is associated with a forms-based logon screen, and the use of SSL is strongly recommended.
- Unvalidated Redirects and Forwards. There is an absolute minimum of redirects in EPiServer CMS since they are undesirable both from a security standpoint as well as performance. Existing redirects are based on internal data or sanitized information.
- Virus Protection. EPiServer CMS relies on third-party products for virus protection. Note that files that are uploaded to the file manager in EPiServer CMS, will never be executed by the EPiServer CMS system, preventing potential viruses inside files to spread from there to the CMS system.