mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-19 16:06:32 +02:00
71 lines
3.6 KiB
Markdown
71 lines
3.6 KiB
Markdown
title: Personal Data
|
||
summary: How the SilverStripe CMS deals with data privacy
|
||
|
||
# Personal Data
|
||
|
||
SilverStripe is an application framework which can be used to process
|
||
and store data. Any data can be sensitive, particularly if it is
|
||
considered personal data. Many regulatory frameworks such as the
|
||
[EU General Data Protection Regulation (GDPR)](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)
|
||
can be interpreted to regard basic data points such as email and IP addresses
|
||
as personally identifiable data.
|
||
|
||
This document is aiding implementors and auditors in determining
|
||
the impact of using the SilverStripe Framework and CMS
|
||
to build online services. Since every website and app built with
|
||
SilverStripe will be different, it can only provide starting points.
|
||
|
||
## Storage
|
||
|
||
The SilverStripe CMS does not provide any built-in mechanisms for users to submit personal data,
|
||
or register a user account. CMS authors are created by administrators through the CMS UI.
|
||
Since even the email address required to create such an account can be considered personal data,
|
||
you’ll need to get consent from existing and new CMS authors,
|
||
or cover this through other contractual arrangements with the individuals.
|
||
|
||
The primary location where SilverStripe can be configured to store personal data is the database.
|
||
Under different regulations, individuals can have the "right to be forgotten",
|
||
and can ask website operators to remove their data.
|
||
Most of the time, CMS administrators can action this without any technical help through
|
||
the CMS (through the “Security” section, or specialised UIs like user defined forms).
|
||
|
||
Be careful with Versioned records containing personal data:
|
||
These might require development effort to completely remove.
|
||
Note that CMS users aren’t versioned by default, so you can completely remove them through the UI.
|
||
|
||
## Transmission and Processing
|
||
|
||
SilverStripe recommends the use of encryption in transit (e.g. TLS/SSL),
|
||
and at rest (e.g. database encryption), but does not enforce these.
|
||
|
||
## Cookies
|
||
|
||
SilverStripe will default to using PHP sessions for tracking logged-in users,
|
||
which uniquely link users to their device/browser through a session cookie.
|
||
If the user chooses the "Remember me" feature on login,
|
||
this unique link will persist across sessions.
|
||
The default cookie lifetime for this feature is 48h.
|
||
See `SilverStripe\Security\Member::$auto_login_token_lifetime` for details.
|
||
|
||
## Login Attempts
|
||
|
||
SilverStripe is configured by default to record login attempts, in order to lock out users
|
||
after a defined number of attempts, and hence limit the attack surface of the login process.
|
||
This is predicated on tracking the IP address of the attempt, which can be considered personal data.
|
||
IP addresses related to these attempts are stored indefinitely unless manually purged
|
||
from the `LoginAttempt` table.
|
||
See `SilverStripe\Security\Security::$login_recording` and
|
||
`SilverStripe\Security\Security::$lock_out_after_incorrect_logins` for details.
|
||
|
||
## Logging and Exceptions
|
||
|
||
SilverStripe provides a logging mechanism, which depending on your usage, configuration and hosting
|
||
environment might store personal data outside of the SilverStripe database.
|
||
The core system stores personal data for members, but does not log it.
|
||
|
||
As a PHP application, SilverStripe can also throw exceptions. These can include
|
||
metadata such as method arguments and session data. If your application is configured
|
||
to catch exceptions and log them (e.g. via a SaaS product), you could inadvertently store
|
||
personal data in other systems. One mitigation is to create whitelists based on
|
||
parameter naming, see the [silverstripe/raygun](https://github.com/silverstripe/silverstripe-raygun)
|
||
module for an example implementation. |