Security in Drupal

  • Stéphane Corlosquet


The Internet is rife with spammers and hackers threatening to deface or take down your site, ruin your brand, paralyze your community, or steal confidential data. Whether you are a site administrator, module developer, themer, system administrator, or user, you ought to bear security in mind when administering your site or writing code. You could put your own site or other people’s sites at risk if you don’t follow some simple rules and best practices. Fortunately, you are not alone in this situation, and the Drupal community has developed a solid process to help you avoid major headaches when dealing with security matters.


Keywords: Security Vulnerability; Stable Release; Code Review; Public Service Announcement; Security Advisory
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Benjamin Melançon, Jacine Luisi, Károly Négyesi, Greg Anderson, Bojhan Somers, Stéphane Corlosquet, Stefan Freudenberg, Michelle Lauer, Ed Carlevale, Florian Lorétan, Dani Nordin, Ryan Szrama, Susan Stewart, Jake Strawn, Brian Travis, Dan Hakimzadeh, Amye Scavarda, Albert Albala, Allie Micka, Robert Douglass, Robin Monks, Roy Scholten, Peter Wolanin, Kay VanValkenburgh, Greg Stout, Kasey Qynn Dolin, Mike Gifford, Claudina Sarahe, Sam Boyer, and Forest Mars, with contributions from George Cassie, Mike Ryan, Nathaniel Catchpole, and Dmitri Gaskin 2011
