Provides an interface to HTTP basic authentication.
Provides security interface functionality within the CMS.
Provides access to the default admin
A security group.
Calculates batch permissions for nested objects for canView (supports the 'Anyone' type), canEdit, and canDelete (includes special logic for ensuring parent objects can only be deleted if their children can be deleted also).
Provides standard permission fields for inheritable permissions
Record all login attempts through the {@link LoginForm} object.
Abstract base class for a login form
Log out form to display to users who arrive at 'Security/logout' without a CSRF token. It's preferable to link to {@link Security::logout_url()} directly; we only use a form so that we can preserve the "BackURL" if set.
The member class which represents the users of the system
Imports member records, and checks/updates duplicates based on their 'Email' property.
Keep track of users' previous passwords, so that we can check that new passwords aren't changed back to old ones.
Represents a set of Groups attached to a member.
Member Validator
Specialized subclass for disabled security tokens - always returns TRUE for token checks. Use through {@link SecurityToken::disable()}.
Allows pluggable password encryption.
Blowfish encryption - this is the default from SilverStripe 3.
Legacy implementation for SilverStripe 2.1 - 2.3, which had a design flaw in password hashing that caused the hashes to differ between architectures due to floating point precision problems in base_convert().
Uses MySQL's OLD_PASSWORD encryption. Requires an active DB connection.
Uses MySQL's PASSWORD encryption. Requires an active DB connection.
Cleartext passwords (used in SilverStripe 2.1).
Encryption using built-in hash types in PHP.
This class represents a validator for member passwords.
Represents a permission assigned to a group.
Shows a categorized list of available permissions (through {@link Permission::get_codes()}).
Readonly version of a {@link PermissionCheckboxSetField} - uses the same structure, but has all checkboxes disabled.
A PermissionRole represents a collection of permission codes that can be applied to groups.
A PermissionRoleCode represents a single permission code assigned to a {@link PermissionRole}.
Permission_Group class
Convenience class for generating cryptographically secure pseudo-random strings/tokens
Persists a token associated with a device for users who opted for the "Remember Me" feature when logging in.
Core authentication handler / store
Implements a basic security model
Cross Site Request Forgery (CSRF) protection for the {@link Form} class and other GET links.


An AuthenticationHandler is responsible for providing an identity (in the form of a Member object) for a given HTTPRequest.
Abstract base class for an authentication method
Allows objects to enforce permissions for the "root" level, where permissions can not be tied to a particular database record.
Represents an authentication handler that can have identities logged into & out of it.
Calculates edit / view / delete permissions for one or more objects
Used to let classes provide new permission codes.


Throw this exception to register that a user doesn't have permission to do the given action and potentially redirect them to the log-in page. The exception message may be presented to the user, so it shouldn't be in nerd-speak.