About Plone Security

Ten reasons behind Plone's extraordinary security track record.

Plone is Python's enterprise-grade content management system (CMS). With no zero day(*) ever, it has the best security track record of any major CMS.

  1. No SQL == No SQL Injection: Plone uses the Zope Object Database (ZODB) for persistent storage and is therefore immune to the 6,000 (and growing) SQL injection vulnerabilities listed in security databases. The database stores objects in a binary format, so user-supplied data is never assembled into a query string.
  2. Sanitized Input: Plone has strong filtering in place to make sure that no potentially malicious code can ever be entered into the system. Content is stripped of malicious tags, and the template language escapes all HTML output by default.
  3. Permission Checks: In Plone, permissions control whether logged-in or anonymous users can execute code and access content. Permission checks are done for every view or method accessed by an incoming HTTP request. By contrast, other frameworks require the developer to implement access restrictions in each view on their own.
  4. Advanced Sandboxing: Plone runs almost like its own virtual container and limits the damage that can be done through the browser. Thanks to this advanced sandboxing, most vulnerabilities only affect the site itself and will never reach the server.
  5. CSRF Protection at the Database Level: Plone 5 includes automatic CSRF (Cross-Site Request Forgery) and clickjacking protection, safeguarding both your site and its add-ons from these common classes of vulnerability.
  6. Hardened Over Time: First released in 2003, Plone benefits from the security that only comes from being time-tested in the public – a distinct advantage over proprietary, closed source alternatives. Frameworks that necessitate the creation of security mechanisms from scratch require greater development resources and cannot achieve the same maturity overnight.
  7. Integrated Security Checks: Plone is based on the Zope application server, where security policies control authorization, defining who can do what and where they can do it. Zope's development included security from the start, not as a feature added later.
  8. Easy Security Fixes: The Plone Security Team releases security fixes as add-ons instead of patching files. This means you do not have to replace your entire Plone install or dig for specific files: simply add the hotfix to your instance.
  9. Dedicated Security Team: The Plone Security Team releases regular updates every four months. These releases almost exclusively contain fixes and security improvements for issues found by the security team's own audits. More serious vulnerabilities receive fixes more quickly, but that was only necessary 3 times in 2015 and not at all in 2014.
  10. Trusted by the CIA, FBI, and Others: Additionally, the government of Brazil, the municipalities in Italy and Belgium, many schools, universities, governments and businesses around the world have chosen Plone for secure, enterprise web content management.
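Point 2 above describes two separate defences: stripping disallowed tags from stored rich text, and escaping everything the template layer outputs. The following Python example is added here to illustrate both ideas in miniature; it is not Plone's own code (Plone's real filtering and template engine are far more elaborate) and the tag allowlist, the `${name}` placeholder syntax and the sample input are all constructed for this illustration.

```python
"""Illustration of allowlist-based tag filtering plus escape-by-default output.

Added example, not Plone code. ALLOWED_TAGS, ALLOWED_ATTRS and the
${name} template syntax are hypothetical choices made for this demo.
"""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: anything not listed here is dropped on input.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
# Relative links have an empty scheme, so "" is deliberately allowed.
SAFE_SCHEMES = {"", "http", "https", "mailto"}
# Tags whose *content* must also be discarded, not just the tag itself.
DROP_CONTENT_TAGS = {"script", "style"}


class AllowlistSanitizer(HTMLParser):
    """Rebuild markup keeping only allowlisted tags and attributes."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self._dropping = 0  # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._dropping += 1
            return
        if self._dropping or tag not in ALLOWED_TAGS:
            return  # unknown tag: dropped, its text content is still kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # event handlers, style, etc. never survive
            if name == "href":
                scheme = urlparse(value or "").scheme.lower()
                if scheme not in SAFE_SCHEMES:
                    continue  # e.g. javascript: URLs are removed
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self._dropping = max(0, self._dropping - 1)
            return
        if not self._dropping and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._dropping:
            # Text is re-escaped so decoded entities cannot re-form markup.
            self.out.append(html.escape(data, quote=False))


def sanitize(fragment: str) -> str:
    """Input-side filtering: keep only allowlisted markup from rich text."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def render(template: str, **context) -> str:
    """Output-side defence: every ${name} substitution is HTML-escaped."""
    def substitute(match: re.Match) -> str:
        return html.escape(str(context[match.group(1)]), quote=True)
    return re.sub(r"\$\{(\w+)\}", substitute, template)


# Constructed sample of hostile rich-text input (not from the page).
SAMPLE_RICH_TEXT = (
    '<p onclick="x()">Hi <b>there</b><script>alert(1)</script>'
    '<a href="javascript:alert(1)">x</a><a href="https://plone.org">ok</a></p>'
)

if __name__ == "__main__":
    print(sanitize(SAMPLE_RICH_TEXT))
    print(render("<h1>${title}</h1>", title='<img src=x onerror="alert(1)">'))
```

Run as a script, the first line shows the `onclick` handler, the `<script>` block and the `javascript:` link gone while the ordinary formatting and the `https:` link survive; the second shows that a value placed into a template becomes inert text rather than markup.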

* Plone has never received a report of a serious vulnerability in Plone being exploited in the wild.