
By Sebastian Gierlinger
You very likely will interact with a content management system (CMS) multiple times today.
Related: How ‘business logic’ hackers steal from companies
For instance, the The Last Watchdog article you are reading uses a CMS to store posts, display them in an attractive manner, and provide search capabilities. Wikipedia uses a CMS for textual entries, blog posts, images, photographs, videos, charts, graphics, and “talk pages” that help its many contributors collaborate.
Chances are strong that your corporate website uses a CMS, and perhaps you have a separate CMS for documents and other files shared by your employees, partners, and suppliers.
Security is essential for a CMS. That’s obviously true if the content in that system requires some level of privacy and access control for internal use, such as for legal documents, customer contracts, and other assets. Security is also necessary if your retrieval system (such as a website or mobile app) has a paywall or is restricted to only a subset of people, such as customers or resellers.
What about public information? Even if you give your content away, you don’t want to allow unauthorized people to add, delete, or tamper with your files.