Primer offers a high degree of safety through the consistent implementation of protective measures.
Carefully selected components
All components in Primer have been selected under strict criteria. They have a high reputation and consistently implement proprietary recommendations to ensure safety.
We only use components that are actively developed further and whose updates are regularly installed.
Authorization levels for users
With the standard authorization levels of Primer, numerous responsibilities are already clearly separated. The rights of users are thus restricted to a clearly defined set and the actions of the users are traceable.
Use of proven methods
The Drupal community has established a large collection of measures to ensure the security of Drupal.
The same measures are applied to the development and maintenance of Primer.
In addition, other tools are used, such as monitoring irregularities in all instances.
Systematic quality assurance
The development process is implemented with strict automatic tests.
All functions of Primer are fully tested with every code adaptation and thus every update and irregularities are immediately investigated.
The code of all developers is consistently checked and must meet the strict criteria of our "Definition of done".
Secure data transmission with https
To ensure secure data transmission, all websites are automatically equipped with https / SSL. Thanks to Let's Encrypt, there are no more recurring costs for certificates.
Automated security updates
All affected projects with Primer support are automatically updated with a new release after security updates are released.
The severity level determines the procedure:
- Critical security updates are applied immediately without delay
- Less critical updates are installed at regular intervals
Each case is thus treated individually with the appropriate measures.
For example, the highly sensitive security update SA-CORE-2018-02 was rolled out on all instances within 2 hours.
Individual additional requirements
Innumerable other individual measures to increase security are possible. For example, Single Sign on (SSO) has already been implemented with primers and tools for the integration of Two Factor Authentication (2FA) are also available.