new files

Author: “Jeanne

guides/v2.0/architecture/extensibility.md

@@ -0,0 +1,54 @@
+---
+layout: default
+group: arch-guide
+subgroup: Architectural Basics
+title: Extensibility and modularity
+menu_title: 
+menu_node: 
+menu_order: 
+github_link: architecture/extensibility.md
+---
+
+<h2 id="m2arch-whatis-overview">Extensibility and modularity</h2>
+
+
+Product <i>extensibility</i> describes how easy  it is to expand  a product's feature set. An extensible product has been designed from its earliest planning stages for  customization and enhancement. It is designed for ease in  augmenting your installation's feature set, enriching current features, and integrating with third-party software
+
+
+Maximizing extensibility has been our goal through all aspects of Magento development.  Core tasks such as Shipping are packaged as discrete modules, and you expand your storefront features by installing modules that you either buy from third-party vendors or create yourself. While logic specific to each shipping carrier is packaged in a discrete module, you can easily add or delete shipping providers by simply adding or deleting modules. The product framework provides common logic to control routing and other core application functions.  
+
+Explore Magento's potential for customization through these topics: 
+
+* Global product features that support extension development
+* Ease of frontend customization 
+
+
+<h3>What makes a product extensible? </h3>
+
+<i>Magento extensibility</i> describes the product's built-in ability for developers and merchants to routinely extend their storefront’s capabilities as their business grows. 
+
+
+The effort involved in extending a product is influenced by: 
+
+* <b>architectural principles that guide product structure</b>. Central to the Magento model of software development is the practice of replacing or extending core code rather than editing it. This strategy enables you to maintain the integrity of the tested code we provide while still extensively customizing your storefront.
+
+
+* <b>open-source software to create and manage extensions</b>. Magento is built on open-source technologies, built by and for the development community. It uses Composer, an open-source tool, to manage dependencies. See <a href="{{ site.gdeurl }}architecture/tech-stack.html">Technology Stack</a>  for a complete list. 
+
+* <b>coding standards</b>. Adherence to  standard best practices for PHP and JavaScript code ensures that the code base is sound. Magento has adopted most of the Zend Framework Coding Standards for PHP. See <a href="{{ site.gdeurl }}coding-standards/bk-coding-standards.html">Coding Standards</a> for more information.
+
+* <b>upgrade and versioning strategies</b>. Magento has well-defined upgrade and versioning strategies that can help you avoid any problems with software component dependencies. Add modules after confirming that the module version is compatible with the Magento Framework version. See  <a href="{{ site.gdeurl }}install-gde/bk-install-guide.html">Installation Guide</a> for more information. 
+
+
+<h3 id="m2arch-related">Related topics</h3>
+
+
+<a href="{{ site.gdeurl }}architecture/archi_perspectives/ABasics_intro.html">Architectural basics</a>
+
+<a href="{{ site.gdeurl }}architecture/global_extensibility_features.html">Global product features that support extension development</a>
+
+<a href="{{ site.gdeurl }}architecture/frontend_custom_strategies.html">Ease of frontend customization</a>
+
+
+
+

guides/v2.0/architecture/security_intro.md

@@ -0,0 +1,38 @@
+---
+layout: default
+group: arch-guide
+subgroup: 
+title: Security overview
+menu_title: Security 
+menu_order: 
+github_link: architecture/security_intro.md
+---
+
+<h2 id="security_intro">Security overview</h2>
+Magento 2.0 includes the following security enhancements: 
+
+
+
+* <b>Enhanced password management</b>. Magento has strengthened the hashing algorithms (SHA-256) used in password management. 
+
+
+* <b>Improved prevention of cross-site scripting (XSS) attacks by making escaped data the default</b>. The Magento Framework has adopted conventions that regulate the escaping of data in output. These conventions include the ability to escape  output for HTML pages (HTML, JSON, and JavaScript) and email. Where possible, escaping is transparent to client code. See <a href="{{ site.gdeurl }}frontend-dev-guide/templates/template-security.html">Security measures against XSS attacks</a> in the Frontend Developer Guide. 
+
+* <b>Restricted permissions for file access</b>. Ability to set discrete file access for production and developer  modes. This change tightens security on generated files, static files, and any files and directories created by Magento (including logs, backups, and reports). See <a href="{{ site.gdeurl }}install-gde/install/file-system-perms.html"> Set file system ownership and permissions </a> in the Installation Guide.
+
+	Magento also provides  a CLI command that switches between developer mode and production mode. When you use the command to switch mode, the system also changes file system permissions. In production mode,   directory permissions are set to 750, and file permissions are set to 640. In developer mode, directory permissions are set to 770, and file permissions are set to 660. 
+	
+	(Permissions need to vary due to user need, of course. For example, the Magento file system owner must own the file system. In contrast, the web server user needs read access only to the file system and write access to some directories (such as `pub/media`). And the web server user should not have write access to the entire Magento file system. For more information, see <a href="{{ site.gdeurl }}install-gde/prereq/apache-user.html"> Create the magento file system owner</a>.)
+
+* <b>Improved prevention of clickjacking exploits</b>. Magento safeguards your store from clickjacking attacks by using an X-Frame-Options HTTP request header. For more information, see <a href="{{ site.gdeurl }}config-guide/secy/secy-xframe.html"> X-Frame-Options header</a>.
+
+* <b>Use of non-default admin URL</b>. A default admin URL makes it easy to target attacks on specific locations using automated password guessing. To prevent against this type of attack, Magento by default creates a random Admin URI when you install the product. The CLI is provided so that you can  see the password if you forget it. You can also use the CLI change this URI.  Although the use of a non-default admin URL will not secure the site, its use will help prevent large-scale automated attacks. See <a href="{{ site.gdeurl }}install-gde/install/cli/install-cli-adminurl.html"> Display or change the Admin URI</a> in Configuration Guide for more information. 
+
+
+
+
+<h2>Related topics</h2>
+<a href="{{ site.gdeurl }}config-guide/bk-config-guide.html">Configuration Guide</a>
+
+
+

guides/v2.0/architecture/storefront_customization.md

@@ -0,0 +1,47 @@
+---
+layout: default
+group: arch-guide
+subgroup: Architectural Basics
+title: Storefront customization strategies
+menu_title: Storefront customization strategies
+menu_order: 
+github_link: architecture/storefront_customization.md
+
+---
+
+<h2>Storefront customization strategies</h2>
+
+We can generalize about the range of storefront customizations that the Magento supports. This range spans the simplest customizations, which involve only small additions to the default Magento storefront settings, to a complete replacement of Magento-provided HTML and CSS. 
+
+These four levels of potential storefront customization are listed in order of increasing complexity. 
+
+<h3>Extend Magento-Provided CSS</h3>
+Magento supplies a default theme and a LESS-based CSS set of styles. You can substantially change a storefront using CSS only.  This uncomplicated strategy might suit projects with a limited budget, or might interest developers who create different skins for a site. A small business enter this process of storefront customization by buying a third-party developed theme from Magento Connect to extend the default values.
+
+<h3>Replace PHTML template files</h3>
+In addition to extending the default CSS, you can generate different HTML markup. For example, you might need to add a missing CSS class name, or an add an extra `<div>` tag to achieve some visual effect. You might also need to tweak some JavaScript to cope with different HTML markup. This change is more demanding than simply extending Magento CSS, but is still within the grasp of smaller projects and leaner teams.
+
+<h3>Replace Magento-Provided CSS</h3>
+Rather than edit the default CSS provided by Magento, you might decide to replace all the default storefront CSS code with your own. This strategy avoids tying a project to the Magento-provided CSS, but puts a greater burden on project development and integration. It also allows use of different CSS tools or technologies not provided with Magento. Partners who build their own set of CSS libraries could reuse these libraries on different customer projects. (These unique CSS libraries may help differentiate a partner from others in the market.) 
+
+In addition to replacing CSS files, you might need to replace small amounts of HTML and JavaScript.
+
+
+<h3>Replace Magento-Provided CSS, HTML, and JavaScript</h3>
+Delivering a sharply different shopping experience than the default Magento installation provides is a more substantial task. However, the tradeoff might be a more complicated experience integrating additional extensions into your installation in the future. 
+
+<div class="bs-callout bs-callout-info" id="info">
+  <p>Note: Any customization of your storefront will work optimally, and provide the easiest path for later upgrades, if you follow the best practice of consistently compartmentalizing code by type. For example, keep all HTML in PHTML files; keep all JavaScript in JavaScript files.</p>
+</div>
+
+<h3>Related topics</h3>
+
+<a href="{{ site.gdeurl }}architecture/AStorefront_view.html">Magento storefront view</a>
+
+<a href="{{ site.gdeurl }}frontend-dev-guide/bk-frontend-dev-guide.html">Frontend Developer Guide</a>
+
+
+<a href="{{ site.gdeurl }}javascript-dev-guide/bk-javascript-dev-guide.html">JavaScript Developer Guide</a>
+
+
+