This article discusses issues related to the security of the eZ publish software and the underlying LAMP stack.
Underlying software (LAMP)
eZ publish sites may run on Unix (Linux, Solaris, HP-UX and FreeBSD), Win32 systems and Mac OS X. eZ publish is developed on top of the LAMP (Linux, Apache, MySQL and PHP) stack. Over the last several years, the LAMP stack has become a major development platform for the enterprise and is used by such companies as Amazon, Google and Yahoo. To ensure the security of the eZ publish content management system, the LAMP software needs to be updated regularly. Furthermore, the system needs to be configured and secured by an experienced system administrator. Although it is possible to run eZ publish on a Windows server, the Windows software is less robust than Linux systems and might require additional security measures.
Access
By default, a user in eZ publish does not have access to anything in the system. Access must be granted explicitly, following a “secure by default” approach. Every module or function in eZ publish has access control, and it is possible to limit functionality to specific parts of the content structure. The authorization process is outlined in the diagram. Optionally, SSL zones may be defined to encrypt traffic between the eZ publish server and the client, providing protection against third parties listening in on the traffic.
Site attacks
No error messages or debug output are displayed to visitors of the site. Limiting the information given to the user makes it harder to exploit security holes in the system. Debug output can be logged, and it can be enabled for specific IP addresses if required. The development process of eZ publish includes scanning for well-known classes of security holes such as XSS and SQL injection. The default configuration files of eZ publish are not accessible through a web browser, and the Apache web server configuration may be used to place further limitations on the accessibility of other file types.
URL handling
eZ publish uses user-friendly URLs to limit a potential cracker's opportunities to exploit the site. No IDs or navigation details are displayed in the URL. This means that a potential intruder does not have direct access to the variables sent to the system.
Security in templates
All templates shipped with eZ publish are designed with security in mind, meaning that the output is properly washed to avoid XSS exploits. Before displaying stored data in any HTML page, eZ publish checks whether the data is presentable, especially to avoid cross-site scripting (XSS). This includes escaping the data or converting it to a different form. All information in the templates should be displayed using the eZ publish ‘wash’ operator, which escapes special characters. The ‘wash’ template operator may also be used to rewrite email addresses in order to reduce the risk of spam.
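The following added example is a small Python model of the escape-on-output behaviour described above; it is not eZ publish code or the operator's implementation. The function name, the mode names, the replacement tokens and the sample comment are assumptions constructed for the illustration.

```python
"""Model of escape-on-output as the 'wash' paragraph describes it (not eZ publish code)."""
import html

# Replacement tokens for the e-mail mode are assumptions made for this example.
AT_TEXT = "[at]"
DOT_TEXT = "[dot]"


def wash(value, mode="xhtml"):
    """Return `value` made safe for insertion into an HTML page.

    mode="xhtml": escape &, <, >, " and ' so the browser treats the value
                  as text in element bodies and quoted attribute values.
    mode="email": rewrite the address so simple harvesters miss it, then
                  escape the result as well.
    """
    text = str(value)
    if mode == "email":
        text = text.replace("@", AT_TEXT).replace(".", DOT_TEXT)
    elif mode != "xhtml":
        raise ValueError("unknown wash mode: %r" % mode)
    return html.escape(text, quote=True)


def render_comment(author, email, body, washed=True):
    """Build the HTML for one stored comment, with or without washing."""
    if washed:
        author, email, body = wash(author), wash(email, "email"), wash(body)
    return '<div class="comment" title="%s"><b>%s</b> (%s)<p>%s</p></div>' % (
        author, author, email, body)


# Constructed stored data: an attribute breakout in the name, markup in the body.
SAMPLE = ('x" onmouseover="alert(1)', "jane.doe@example.com",
          "<script>alert(1)</script>")

if __name__ == "__main__":
    print(render_comment(*SAMPLE, washed=False))  # markup reaches the browser
    print(render_comment(*SAMPLE, washed=True))   # same data shown as text
```

The attribute case is the one that is easy to miss: escaping only `<` and `>` would still let the stored name close the `title` attribute, which is why the quote characters are escaped too.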
Certification
In 2006, the Navy organization, the Deputy Assistant Secretary of the Navy for Acquisition Management, successfully achieved certification and accreditation for a website developed using eZ publish. The US Department of Defense's Information Technology Security Certification and Accreditation Process (DITSCAP) is the standard Department of Defense approach for ensuring that information systems operate at an acceptable level of security risk. For more information, see: http://ez.no/content/view/full/114009. In addition, eZ Systems provides a certification service for custom eZ publish extensions developed by third parties. A certified extension has been through a thorough validation process by the eZ Network team and is maintained by its authors, eZ Partners.