This repository has been archived by the owner on Jul 25, 2019. It is now read-only.
1 parent 82a16c0, commit c650588. Showing 4 changed files with 84 additions and 38 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,30 +1,46 @@ | ||
--- | ||
title: "Security" | ||
title: "Ghost Security" | ||
sidebar: "concepts" | ||
--- | ||
|
||
## This is the second heading | ||
Ghost is committed to developing secure, reliable products utilising all modern security best practices and processes. | ||
|
||
Spicy jalapeno cupidatat chicken ut filet mignon sausage ut boudin nulla reprehenderit strip steak proident cillum incididunt short loin cow. Pig in pastrami, leberkas eiusmod enim bresaola do. Filet mignon officia quis kevin pork, swine strip steak excepteur hamburger chicken pork chop boudin shankle. Velit chicken pig in cupim kielbasa jerky. Bresaola excepteur veniam, andouille magna brisket aliquip nostrud jerky. | ||
The Ghost security team is made up of full time staff employed by the Ghost Foundation as well as volunteer open source contributors and security experts. We do both consultation and penetration testing of our software and infrastructure with external security researchers and agencies. | ||
|
||
```javascript | ||
makeArray() { | ||
// Hey hey what can I do | ||
const foo = [] | ||
bar.split('').forEach(letter => { | ||
foo.push(letter) | ||
}) | ||
return foo | ||
} | ||
``` | ||
We take security very seriously at Ghost and welcome any peer review of our completely [open source codebase](https://github.com/tryghost/ghost) to help ensure that it remains completely secure. | ||
|
||
### This is the third heading | ||
|
||
Pork chop ribeye ut chicken buffalo proident minim leberkas cupim adipisicing burgdoggen incididunt pastrami cupidatat. Prosciutto kevin dolore labore ham, cupidatat pork loin fatback picanha irure ad short ribs duis. Cupidatat excepteur jerky doner, incididunt consectetur turkey pariatur. Culpa consectetur cillum shank ham hock anim pastrami ex tempor eu. Fatback strip steak pig, bacon salami drumstick ut capicola short loin flank. | ||
## Security Features | ||
|
||
Jowl dolor duis, cupidatat pork tempor nostrud incididunt short loin laborum. Duis nostrud fatback ribeye consequat ad. Proident pancetta ut tempor. Short loin officia eiusmod beef. Sunt tongue pig venison, sint mollit ad excepteur velit adipisicing flank pancetta pariatur. Dolor t-bone swine alcatra fatback ribeye, mollit dolore incididunt ullamco. | ||
### SSL | ||
|
||
Spare ribs aute fugiat, pariatur andouille labore nulla exercitation. Aliqua picanha sirloin consequat drumstick sint exercitation pork nisi et. Dolore swine fugiat pork salami proident. Bacon excepteur filet mignon labore pariatur in in nulla magna fugiat prosciutto. Laboris sint ground round, pancetta ipsum in pariatur voluptate fatback andouille velit shoulder flank quis sausage. | ||
Letsencrypt integration, non-support of SSL in 2019 | ||
|
||
Hamburger ham shank est, officia qui capicola proident. Ribeye dolore prosciutto sirloin alcatra. Rump short ribs quis ex fugiat proident incididunt irure t-bone meatball veniam sirloin meatloaf. Tongue anim sint pancetta bresaola sirloin. | ||
Does your lorem ipsum text long for something a little meatier? Give our generator a try… | ||
### Password Hashing | ||
|
||
bcrypt | ||
|
||
### XSS Prevention | ||
|
||
Embeds not available in trusted environment (Editor) | ||
|
||
### CSRF | ||
|
||
- Tokens on HTTP requests? When? For what? | ||
- What about API calls? | ||
- Any considations for caching? | ||
|
||
### DDoS | ||
|
||
TLDR use Caching/HAProxy | ||
|
||
|
||
## Security Risks | ||
|
||
### Privelige Escalation | ||
|
||
Install admin / frontend on different domains | ||
|
||
### Server Hardening | ||
|
||
Ensure proper user permissions, or just use Ghost-CLI |
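Review bot: the `makeArray()` JavaScript block in the new "Ghost Security" page references `bar`, which is never declared, and the line "Does your lorem ipsum text long for something a little meatier? Give our generator a try…" is leftover filler from the placeholder text being replaced; both should be removed or replaced with the intended content before this page is published. Two spellings in the new sections also need fixing: "Any considations for caching?" should read "considerations", and the heading "### Privelige Escalation" should read "Privilege Escalation". Several sections are still draft notes rather than documentation ("Letsencrypt integration, non-support of SSL in 2019", "bcrypt", "TLDR use Caching/HAProxy", and the three open questions under CSRF); since this is a security page readers will rely on, consider marking it as work in progress in the frontmatter or holding the commit until those sections state what Ghost actually does.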