留言板

  1. 主页
  2. Portal
  3. How secure is the community edition

How secure is the community edition

Peter Hellstrand,修改在12 年前。

How secure is the community edition

Regular Member 帖子: 166 加入日期: 11-11-30 最近的帖子
Hi

How secure is the community edition compared to the EE?
thumbnail
David H Nebinger,修改在12 年前。

RE: How secure is the community edition

Liferay Legend 帖子: 14919 加入日期: 06-9-2 最近的帖子
EE gets further testing. EE will get regular patch releases when security issues are found and addressed.

CE does not. CE is updated on Liferay's schedule and that's not typically driven by security fixes to be released. If you're lucky there's a patch you can grab from Jira and apply to your code but this can get tricky if you've made your own mods (which you shouldn't) or have applied other patches this patch isn't aware of.

It's safe to say that you really should not be using CE for any internet-facing (internet or extranet) scenario if you have any data you really want to protect. EE is the only option IMHO for these sites.
Peter Hellstrand,修改在12 年前。

RE: How secure is the community edition

Regular Member 帖子: 166 加入日期: 11-11-30 最近的帖子
Ok Thanks

I am not creating a banking application emoticon. The data is not very sensitive. My biggest concern is the users passwords. I do not want the passwords to leak if my users use the same passwords on other sites.

My application is very small.

What is EE pricing?
thumbnail
David H Nebinger,修改在12 年前。

RE: How secure is the community edition

Liferay Legend 帖子: 14919 加入日期: 06-9-2 最近的帖子
You'd have to contact sales for that info, I don't know how they calculate the rates.

If it's just passwords in the clear you're worried about, you may be okay w/ throwing it behind an SSL certificate. CE supports using SSL, and that will get you by that requirement.

But if you're planning on collecting credit cards, SSNs or other sorts of privacy data, would be hosting sensitive data (i.e. medical records, school records, etc.), doing some B2B work, you really would need to consider EE rather than CE...
Peter Hellstrand,修改在12 年前。

RE: How secure is the community edition

Regular Member 帖子: 166 加入日期: 11-11-30 最近的帖子
Thank you

Then I guess CE fill fit my needs.
thumbnail
Hitoshi Ozawa,修改在12 年前。

RE: How secure is the community edition

Liferay Legend 帖子: 7942 加入日期: 10-3-24 最近的帖子
FYI, many portal doesn't allow user entries (e.g. forums), so xss isn't too much of an issue. It's only on Internet portals allowing entries from unknown users when security becomes a major issue. By "unknown users", I'm referring to a portal where users can request an account by themselves. If users are required to submit credentials to obtain an account, it's possible to track who the culpit was when there's a security bleach, so users are less prone to hacking the system.