Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does Drupal's security compare to Plone's? [closed]

Tags:

drupal

plone

How does Drupal's security compare to Plone's?

Note:

It will be great if the comparison includes V.7 for Drupal and V.4 for Plone.

Thanks

like image 807
wassimans Avatar asked Nov 29 '22 17:11

wassimans


2 Answers

There's a good overview of how Plone handles the top 10 security issues in the web app world here:

http://plone.org/products/plone/security/overview

Organizations like the FBI, CIA and European Network and Information Security Agency (ENISA) all use Plone, if that is an indication.

Plone has the best track record in security of any major CMS, and we take it very seriously. We have an architecture that is built around sandboxing, proper ACLs and a powerful security model.

Drupal has a pretty horrible security record (see the CVE numbers quoted in another comment), as do the other two major PHP-based frameworks (Wordpress and Joomla). Plone is Python-based, but you probably know that already.

Plone makes it easier to write secure add-ons, since we have a proper security model that makes it pretty hard to write code that is inherently insecure. This is different from any other system out there, and is another core differentiator.

(And yes, this answer is biased, I'm one of the founders ;)

like image 138
limi Avatar answered Dec 11 '22 03:12

limi


The security of the main framework is pretty solid in both cases; the problems are almost always found in the add-on modules, so you need to evaluate each module you plan to use individually.

like image 35
Spudley Avatar answered Dec 11 '22 02:12

Spudley