Provides an interface to HTTP basic authentication.

Provides a security interface functionality within the cms

Provides access to the default admin

A security group.

Calculates batch permissions for nested objects for:

  • canView: Supports 'Anyone' type
  • canEdit
  • canDelete: Includes special logic for ensuring parent objects can only be deleted if their children can be deleted also.

Provides standard permission fields for inheritable permissions

Record all login attempts through the LoginForm object.

Abstract base class for a login form

Log out form to display to users who arrive at 'Security/logout' without a CSRF token. It's preferable to link to Security::logout_url() directly - we only use a form so that we can preserve the "BackURL" if set

The member class which represents the users of the system

Imports member records, and checks/updates duplicates based on their 'Email' property.

Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.

Represents a set of Groups attached to a member.

Member Validator

Specialized subclass for disabled security tokens - always returns TRUE for token checks. Use through SecurityToken::disable().

Allows pluggable password encryption.

Blowfish encryption - this is the default from SilverStripe 3.

Legacy implementation for SilverStripe 2.1 - 2.3, which had a design flaw in password hashing that caused the hashes to differ between architectures due to floating point precision problems in base_convert().

Uses MySQL's OLD_PASSWORD encyrption. Requires an active DB connection.

Uses MySQL's PASSWORD encryption. Requires an active DB connection.

Cleartext passwords (used in SilverStripe 2.1).

Encryption using built-in hash types in PHP.

Check if authenticated user has password expired.

This class represents a validator for member passwords.

Represents a permission assigned to a group.

Shows a categorized list of available permissions (through Permission::get_codes()).

Readonly version of a PermissionCheckboxSetField - uses the same structure, but has all checkboxes disabled.

A PermissionRole represents a collection of permission codes that can be applied to groups.

A PermissionRoleCode represents a single permission code assigned to a PermissionRole.

Permission_Group class

Convenience class for generating cryptographically secure pseudo-random strings/tokens

Persists a token associated with a device for users who opted for the "Remember Me" feature when logging in.

Core authentication handler / store

Implements a basic security model

Cross Site Request Forgery (CSRF) protection for the Form class and other GET links.


An AuthenticationHandler is responsible for providing an identity (in the form of a Member object) for a given HTTPRequest.

Abstract base class for an authentication method

Allows objects to enforce permissions for the "root" level, where permissions can not be tied to a particular database record.

Represents an authentication handler that can have identities logged into & out of it.

Calculates edit / view / delete permissions for one or more objects

Used to let classes provide new permission codes.


Throw this exception to register that a user doesn't have permission to do the given action and potentially redirect them to the log-in page. The exception message may be presented to the user, so it shouldn't be in nerd-speak.