silverstripe-framework/docs/en/02_Developer_Guides/09_Security/06_Personal_Data.md
Aaron Carlino 6888901468
NEW: Update docs to be compliant with Gatsby site (#9314)
* First cut

* Temporarily disable composer.json for netlify build

* POC

* New recursive directory query, various refinements

* Fix flexbox

* new styled components plugin

* Apply frontmatter delimiters

* Mobile styles, animation

* Search

* Redesign, clean up

* Nuke the cache, try again

* fix file casing

* Remove production env file

* ID headers

* Move app to new repo

* Add frontmatter universally

* Hide children changelogs

* Add how to title

* New callout tags

* Revert inline code block change

* Replace note callouts

* Fix icons

* Replace images

* Fix icon

* Fix image links

* Use proper SQL icon
2019-11-18 17:58:33 +13:00


---
title: Personal Data
summary: How the SilverStripe CMS deals with data privacy
icon: user-ninja
---
# Personal Data
SilverStripe is an application framework which can be used to process
and store data. Any data can be sensitive, particularly if it is
considered personal data. Many regulatory frameworks such as the
[EU General Data Protection Regulation (GDPR)](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)
can be interpreted to regard basic data points such as email and IP addresses
as personally identifiable data.
This document aims to help implementors and auditors determine
the impact of using the SilverStripe Framework and CMS
to build online services. Since every website and app built with
SilverStripe will be different, it can only provide starting points.
## Storage
The SilverStripe CMS does not provide any built-in mechanisms for users to submit personal data,
or register a user account. CMS authors are created by administrators through the CMS UI.
Since even the email address required to create such an account can be considered personal data,
you'll need to get consent from existing and new CMS authors,
or cover this through other contractual arrangements with the individuals.
The primary location where SilverStripe can be configured to store personal data is the database.
Under different regulations, individuals can have the "right to be forgotten",
and can ask website operators to remove their data.
Most of the time, CMS administrators can action this without any technical help through
the CMS (through the “Security” section, or specialised UIs like user defined forms).
Be careful with Versioned records containing personal data:
these might require development effort to completely remove.
Note that CMS users aren't versioned by default, so you can completely remove them through the UI.
## Transmission and Processing
SilverStripe recommends the use of encryption in transit (e.g. TLS/SSL),
and at rest (e.g. database encryption), but does not enforce these.
## Cookies
SilverStripe will default to using PHP sessions for tracking logged-in users,
which uniquely link users to their device/browser through a session cookie.
If the user chooses the "Remember me" feature on login,
this unique link will persist across sessions.
The default cookie lifetime for this feature is 48h.
See `SilverStripe\Security\Member::$auto_login_token_lifetime` for details.
## Login Attempts
SilverStripe is configured by default to record login attempts, in order to lock out users
after a defined number of attempts, and hence limit the attack surface of the login process.
This is predicated on tracking the IP address of the attempt, which can be considered personal data.
IP addresses related to these attempts are stored indefinitely unless manually purged
from the `LoginAttempt` table.
See `SilverStripe\Security\Security::$login_recording` and
`SilverStripe\Security\Security::$lock_out_after_incorrect_logins` for details.
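
Because `LoginAttempt` rows are kept until someone purges them, a scheduled task can enforce a retention period. The following is an added example, not code from the SilverStripe project: the class name, the `App\Tasks` namespace, the `retention_days` setting with its 90-day default, and the `dryrun` parameter are all assumptions made for illustration.

```php
<?php

namespace App\Tasks; // hypothetical project namespace

use SilverStripe\Dev\BuildTask;
use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\Security\LoginAttempt;

/**
 * Example task: deletes LoginAttempt rows (and the IP addresses they hold)
 * once they are older than a retention period.
 */
class PurgeLoginAttemptsTask extends BuildTask
{
    private static $segment = 'PurgeLoginAttemptsTask';

    /** Assumed retention period in days; override via YAML config to match your policy. */
    private static $retention_days = 90;

    protected $title = 'Purge old login attempts';

    protected $description = 'Deletes LoginAttempt records older than retention_days.';

    public function run($request)
    {
        $days = (int) $this->config()->get('retention_days');
        if ($days < 1) {
            // Refuse a zero or negative window, which would wipe every recorded attempt
            echo "retention_days must be at least 1; nothing deleted.\n";
            return;
        }

        // DBDatetime::now() respects mocked time in tests, unlike time()
        $cutoff = date('Y-m-d H:i:s', DBDatetime::now()->getTimestamp() - $days * 86400);
        $old = LoginAttempt::get()->filter('Created:LessThan', $cutoff);
        $count = $old->count();

        // dryrun=1 (hypothetical parameter of this example) reports without deleting
        if ($request->getVar('dryrun')) {
            echo "Dry run: {$count} login attempts recorded before {$cutoff} would be deleted.\n";
            return;
        }

        // removeAll() deletes each matched record through the ORM
        $old->removeAll();
        echo "Deleted {$count} login attempts recorded before {$cutoff}.\n";
    }
}
```

Run it on a schedule, for example with `vendor/bin/sake dev/tasks/PurgeLoginAttemptsTask` from cron, and pass `dryrun=1` first to see how many rows a given retention period would remove.
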
## Logging and Exceptions
SilverStripe provides a logging mechanism, which depending on your usage, configuration and hosting
environment might store personal data outside of the SilverStripe database.
The core system stores personal data for members, but does not log it.
As a PHP application, SilverStripe can also throw exceptions. These can include
metadata such as method arguments and session data. If your application is configured
to catch exceptions and log them (e.g. via a SaaS product), you could inadvertently store
personal data in other systems. One mitigation is to create whitelists based on
parameter naming; see the [silverstripe/raygun](https://github.com/silverstripe/silverstripe-raygun)
module for an example implementation.