Inquiring about the Security Measures in Discourse

We have an idea, and we want to implement that idea by building a website using Discourse.
So before using discourse, we have some questions.

1. Is Discourse secure?
2. If yes, what level of security is provided by Discourse against various types of cyberattacks, such as DDoS and SQL injection?
3. In the event that the IP address and server provider information of our Discourse-based website are compromised, what steps can be taken to ensure security?

1 Like

I’m a bit confused, aren’t you already using Discourse?:

5 Likes

There’s a document that should answer many of your questions.
discourse/SECURITY.md at main · discourse/discourse · GitHub

5 Likes

Unfortunately, there really is no such thing as “secure” without qualifiers. You need to consider your threats and risks in order to make this decision.

What information are you trying to secure? Who do you expect to try to compromise it? What would be the consequences of a leak of supposed-to-be-private information? How irreparable would such a leak be? How much are you willing to inconvenience your users to reduce risk? Etc.

6 Likes