Secure edit and admin user interfaces
Describes security considerations related to unauthorized access to the editing and administration user interfaces of Optimizely Content Management System (CMS), when running the Optimizely Digital Experience Platform (DXP).
Optimizely Content Management System (CMS) provides access for multiple editors to work with content across sites collaboratively, using devices of their choice. In some instances, this access may raise concerns about unauthorized access to the CMS editing and administration interfaces.
Optimizely builds security and privacy into the CMS platform and the Azure cloud services on which it bases the Optimizely Digital Experience Platform (DXP). CMS features must meet the highest quality standards, including security measures.
Consider the following additional precautions to prevent unauthorized access:
- Ensure that the connection is secure; use an SSL server test tool to verify.
- Use federated authorization to a trusted authority to secure editor identities.
- Use a Web Application Firewall (WAF) to protect against threats such as DDoS.
- Run penetration tests regularly, and use a web security scanning tool.
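The first precaution can be spot-checked between full SSL server test runs with a short script. The following Python is an added example, not Optimizely code: it connects to a host with full certificate validation and reports on the negotiated protocol, certificate lifetime and HSTS header. The host and path are supplied by the caller, and the two thresholds are assumptions chosen for this example.

```python
import http.client
import re
import ssl
import sys
import time

MIN_HSTS_AGE = 15552000  # 180 days; threshold assumed for this example
MIN_CERT_DAYS = 14       # assumed warning window before certificate expiry


def probe(host, path="/", port=443, timeout=10):
    """Connect with chain and hostname validation and collect TLS facts."""
    ctx = ssl.create_default_context()  # an invalid certificate raises here
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("HEAD", path)
        tls = conn.sock  # read before getresponse(), which may close the socket
        facts = {"protocol": tls.version(),
                 "not_after": ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])}
        facts["hsts"] = conn.getresponse().getheader("Strict-Transport-Security")
        return facts
    finally:
        conn.close()


def assess(facts, now=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    now = time.time() if now is None else now
    findings = []
    if facts["protocol"] not in ("TLSv1.2", "TLSv1.3"):
        findings.append("legacy protocol negotiated: %s" % facts["protocol"])
    days_left = (facts["not_after"] - now) / 86400
    if days_left < MIN_CERT_DAYS:
        findings.append("certificate expires in %d days" % days_left)
    m = re.search(r'max-age\s*=\s*"?(\d+)', facts["hsts"] or "", re.I)
    if not m:
        findings.append("no Strict-Transport-Security header")
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("HSTS max-age below %d seconds" % MIN_HSTS_AGE)
    return findings


if __name__ == "__main__":
    # usage: python tls_check.py <host> [path of the edit or admin UI]
    issues = assess(probe(sys.argv[1], *sys.argv[2:3]))
    print("\n".join(issues) or "no findings")
    sys.exit(1 if issues else 0)
```

A non-zero exit code makes the script usable as a scheduled check; it does not replace the cipher-suite and configuration coverage of an SSL server test tool.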
See Decoupled setup if you are running a solution with physical separation of servers.