📣 We're Hiring!

Howto secure SuiteCRM installation

Hi,

I am new to suitecrm and I am using the vesion 7.9.17. I need to secure the installation as well as the site including HTTP headers.

How do I that?

There’s nothing very specific to say about SuiteCRM in this regard: if you have a nicely secured web server, that’s all you need.

So use HTTPS, use PHP > 7.0, secure your network, lock down your file permissions appropriately, in general, follow best-practices for PHP apps and web servers.

I don’t know of specific advice I can add for SuiteCRM, unless you’re also concerned with in-app security (different users, which records they can access, etc.).

I am serving the application through HTTPS.

When I try to secure the HTTP secure like Content-Security-Policy, the login page does not render correctly.

What would be correct Content-Security-Policy that needs to be added into?

You need to check documentation about web server configuration, I’m no good at that.

I found some stuff here

http://support.sugarcrm.com/Documentation/Sugar_Developer/Sugar_Developer_Guide_8.0/Security/Web_Server_Configuration/

that, and the rest of that chapter, probably applies to SuiteCRM to a great extent, if not completely.

But if you need more than that you’ll have to Google for it… good luck.