Learn how to improve the security of your eFront environment by applying recommended configuration and access control practices.
No application can ever be 100% secure. The following tips will help you keep your environment safe:
- Remove write access for the web server for any files and folders that the system does not require write access to. Check Maintenance > Information (Filesystem permissions section) for a list of these folders.
- Make sure that the system where your web and database servers are installed is always up-to-date. Use a supported PHP version, with PHP 8.0 or later required (as defined in composer.json).
- Ensure that database connections use SSL where possible.
- Enable available security features such as:
- Two-factor authentication (2FA)
- Security logging
- Content Security Policy (CSP) nonce support
- Anyone with administrator-level access in eFront can install plugins using the Plugins option. Disable this capability for users who do not need it (using custom user types).
- Carefully assign plugin execution permissions:
- plugins
- run_plugins (Execute plugins)