111 Commits

Author	SHA1	Message	Date
Ingo Schommer	fee31c2c6c	DOCS Recommend moving .protected out of webroot ... Note that it's currently unclear whether Silverstripe Cloud or CWP support this, but it shouldn't block us from recommend this in the open source project. It's documented in the "server requirements", which should make it pretty clear that this requires you to have control over server configuration (or check with those that have). See https://github.com/silverstripe/silverstripe-framework/issues/7710	2020-10-15 17:08:37 +13:00
Ingo Schommer	bffb7e2577	Revert "DOCS MFA authentication" ... Underlying feature isn't merged yet, see https://github.com/silverstripe/silverstripe-installer/issues/280 Revert "Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md" This reverts commit 72a02a3d0e. Revert "Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md" This reverts commit c54f8e4864. Revert "DOCS MFA authentication" This reverts commit 5fe5833fb2.	2020-08-20 18:40:59 +12:00
Ingo Schommer	f8b4570cb1	DOCS MFA authentication (#9536) ... See https://github.com/silverstripe/silverstripe-installer/issues/280	2020-08-20 18:33:36 +12:00
Ingo Schommer	72a02a3d0e	Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md ... Co-authored-by: Serge Latyntsev <dnsl48@gmail.com>	2020-08-20 18:32:57 +12:00
Ingo Schommer	c54f8e4864	Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md ... Co-authored-by: Serge Latyntsev <dnsl48@gmail.com>	2020-08-20 18:32:39 +12:00
Ingo Schommer	b6169a87c2	DOCS HTTP header in server requirements	2020-07-29 14:28:20 +12:00
Jackson Darlow	ae1a883b32	Added mention of Session.timeout to secure_coding docs	2020-06-12 14:43:37 +12:00
Ingo Schommer	5fe5833fb2	DOCS MFA authentication ... See https://github.com/silverstripe/silverstripe-installer/issues/280	2020-06-04 08:46:34 +12:00
Michal Kleiner	21129b1624	Use short array syntax across the framework's codebase	2020-05-16 10:34:45 +01:00
Maxime Rainville	affd43052a	Merge branch '4.5' into 4	2020-02-17 18:11:23 +13:00
Maxime Rainville	acd7d94167	Merge branch '4.4' into 4.5	2020-02-17 13:07:26 +13:00
Serge Latyntcev	ad1b00ec7d	[CVE-2019-19325] XSS through non-scalar FormField attributes ... Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms built with user input (Request data). This can lead to phishing attempts to obtain a user's credentials or other sensitive user input. There is no known attack vector for extracting user-session information or credentials automatically, it required a user to fall for the phishing attempt. XSS can also be used to modify the presentation of content in malicious ways.	2020-02-17 09:58:29 +13:00
Valentino Pesce	24c28e4457	Docs: Fix link to Middleware not found ... Fix link to Middleware not found in page Rate Limiting	2020-01-25 19:21:15 +01:00
Loz Calver	f4713d95f6	Merge pull request #9333 from creative-commoners/pulls/4/canonicalurlmiddleware-docs ... DOCS Add note about applying forceSSL to non-live environments	2019-11-25 11:37:30 +00:00
Garion Herman	bf38997b6e	DOCS Add note about applying forceSSL to non-live environments	2019-11-25 12:14:26 +13:00
Aaron Carlino	6888901468	NEW: Update docs to be compliant with Gatsby site (#9314) ... * First cut * Temporarily disable composer.json for netlify build * POC * New recursive directory query, various refinements * Fix flexbox * new styled components plugin * Apply frontmatter delimiters * Mobile styles, animation * Search * Redesign, clean up * Nuke the cache, try again * fix file casing * Remove production env file * ID headers * Move app to new repo * Add frontmatter universally * Hide children changelogs * Add how to title * New callout tags * Revert inline code block change * Replace note callouts * Fix icons * Repalce images * Fix icon * Fix image links * Use proper SQL icon	2019-11-18 17:58:33 +13:00
Maxime Rainville	d7f5ed3e65	DOC Substituce old apache syntax for Require	2019-09-25 16:59:48 +12:00
Matt Peel	7083f016c1	Update secure coding standards ... As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.	2019-09-10 12:55:24 +12:00
Robbie Averill	3224c9971b	Merge branch '4.4' into 4	2019-08-02 11:24:54 +12:00
Robbie Averill	3b96c51688	Merge branch '4.3' into 4.4	2019-08-02 11:24:45 +12:00
Robbie Averill	2d2b0b82f0	DOCS Fix incorrect rendering of note on list item ... [ci skip]	2019-07-25 12:03:12 +02:00
Ingo Schommer	4d93e48b10	DOCS Add silverstripe/login-forms (#9112) ... See https://github.com/silverstripe/recipe-cms/issues/26. Dependant on https://github.com/silverstripe/silverstripe-installer/pull/257.	2019-07-16 10:11:37 +12:00
Erlend Mongstad	80b097eb68	Added missing Permission class to example ... Following the example will give the following error; ```[Emergency] Uncaught Error: Class {my namespace}\Permission not found``` Added the missing class	2019-04-17 02:36:13 +02:00
Robbie Averill	af8d268cc7	DOCS Update documentation for password validation rule configuration	2018-11-13 10:55:26 +02:00
Ingo Schommer	114b0a5ea7	NEW Option for secure "remember me" cookie ... Fixes #8234	2018-07-30 16:41:49 +01:00
Ingo Schommer	259aa06010	DOCS More resilient example domain ... myapp.com is owned, example.com is specifically reserved for documentation use cases: https://en.wikipedia.org/wiki/Example.com [ci skip]	2018-06-26 10:13:36 +12:00
Ingo Schommer	2e1e8e07b9	DOCS Consistent app/ folder and composer use ... - Stronger wording around "use composer" - Consistent domain and email address naming - Removed example for publishing non-composer modules (those shouldn't be encouraged) - Removed instructions for installing modules from archives [ci skip]	2018-06-25 10:40:19 +12:00
Damian Mooyman	3ea98cdb13	Migrate documentation from 3.x	2018-06-13 14:50:02 +12:00
Robbie Averill	c3e5ab2258	Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009 ... [SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication	2018-05-28 18:57:38 +12:00
Ingo Schommer	9097a95de2	Cookie lifetime docs	2018-05-21 11:36:53 +12:00
Ingo Schommer	5445a0d3fc	Corrected login data usage docs	2018-05-21 11:36:45 +12:00
Ingo Schommer	78fe189c6d	Merge pull request #8003 from open-sausages/pulls/4/docs-personal-data ... Docs for personal data usage in core	2018-05-17 17:11:56 +12:00
Kairat Jenishev	b4ba3cbd1f	DOCS Fix broken links and headers	2018-05-03 16:42:52 +01:00
Robbie Averill	1505a89a63	Update to include note about auto redirect to HTTPS for basic auth	2018-04-24 16:42:52 +12:00
Ingo Schommer	1b882e802e	Docs for personal data usage in core ... See https://github.com/silverstripe/silverstripe-framework/issues/7791	2018-04-13 13:23:05 +12:00
Damian Mooyman	625f7b4eee	Merge remote-tracking branch 'origin/4.0' into 4.1	2018-03-13 14:26:18 +13:00
cpenny	fdbf4c2134	Updated docs for Rate Limiting.	2018-03-09 08:15:11 +13:00
Gorrie Coe	3ae8838285	Added Name to example	2017-12-12 14:40:34 +13:00
Gorrie Coe	849038a60b	Added after priority to replace default authenticator.	2017-12-12 12:52:52 +13:00
Damian Mooyman	cdfb413395	Code block whitespace / formatting cleanup	2017-10-27 15:38:27 +13:00
Aaron Carlino	e7274b0ee4	Add namespaces	2017-10-27 12:45:26 +13:00
Daniel Hensby	c077abf353	DOCS new rate limiting docs	2017-09-27 17:40:04 +01:00
Simon Erkelens	774d44a574	Authentication documentation rewrite	2017-08-28 16:28:30 +12:00
Aaron Carlino	50c8a02bff	remove tabs	2017-08-07 15:11:17 +12:00
Aaron Carlino	e4935123d8	Remove a few more references	2017-08-07 14:01:38 +12:00
Aaron Carlino	6c0629f025	Remove more deprecated APIs	2017-08-07 14:01:38 +12:00
Aaron Carlino	e4fba5a7b1	add use statements	2017-08-07 14:01:38 +12:00
Aaron Carlino	84feab5a68	Yeah psr2 functions	2017-08-07 14:01:38 +12:00
Aaron Carlino	4c7a068b28	classes psr2	2017-08-07 14:01:38 +12:00
Aaron Carlino	2414eaeafd	Yay, clean arrays	2017-08-07 14:01:38 +12:00