The Open Berkeley managed website program includes website security for all individual websites, as well as the overall platform. The Web Platform Services team follows best practices for website security, which includes diligent monitoring of Drupal security releases and timely deployment of security updates.
Authentication
Logging in to sites on the Open Berkeley platform requires the appropriate CalNet affiliation. If a user is having CalNet authentication issues, they should contact the appropriate site owner (and/or their own department) to check their CalNet affiliation. The site owner can check with the Web Platform Services team if they have questions about managing or assigning roles, but any individual user should consult the site owner directly.
Website Security and the Open Berkeley Platform
Any new feature is carefully evaluated for security, and additional embedding (beyond built-in widget types) of iframes, scripts, and third-party products is not allowed, in order to prevent any inclusion of insecure code.
Additionally, all Open Berkeley websites are hosted on Pantheon, an external hosting partner that provides enterprise-grade security.
If you have any questions about the security of your website and/or the Open Berkeley platform, please email web-platform@berkeley.edu.