We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Security Concerns

We built a significant system on Phalcon. After doing so, our client learned that his sys admin has security concerns regarding Phalcon. Can someone point me to documentation regarding Phalcon having been certified for use in a secure platform? any help to answer my client's concerns would be greatly appreciated.

edited Mar '16

What are your clients concerns? It's hard to give you any answers without going into detail but I think you should be more worried with PHP security vulnerabilities than specifically aiming it at the framework...

Your application is as secure as the developer makes it.

You need to find out what exactly the security concerns are, it is best to speak with the sys admin directly. If you have built a significantly large codebase on top of this framework, you will probably have answers to most if not all of his concerns / worries. Unless it is some security issue within the extension itself, you have to speak with him to find out, and if his concerns are unfounded, you will waste your time chasing ghosts.

Any news on this, why your sys adm had concerns regarding security?