Telligent Community performs security procedures to protect websites from common security risks. The following table describes how it guards against some common security risks. Note: This list is not exhaustive; Telligent Community actually guards against a much wider set of attacks.
Procedure | Description |
SQL injection | SQL injection occurs in the database layer of an application. Telligent Community sanitizes input and utilizes stored procedure calls. |
Path injection | Telligent Community takes an in-depth security approach, validating at different layers that the requesting user has permission to access files. It also utilizes built-in path protection provided by Internet Information Services (IIS). |
Prevent JavaScript by default | Users are not allowed to submit JavaScript that will execute from a Telligent Community site. This is achieved partially through input validation and sanitization of data on the server. |
Input validation | Telligent Community performs input validation by white-listing approved (that is, marking as safe) HTML elements and attributes that may be used in posts. Any element or attribute that is not on the list in communityserver.config is scrubbed out. Telligent Community also uses custom validators to ensure that user input is appropriate. |
Information leakage | Applications can unintentionally leak information about their configuration and internal workings, or they can violate privacy through a variety of application problems. Attackers use these weaknesses to steal sensitive data or conduct more serious attacks. |
Cross-site request forgery | A cross-site request forgery attack forces a logged-on user's browser to send a preauthenticated request to a vulnerable Web application, which then forces the victim's browser to perform a hostile action. |