The Internet is rife with spammers and hackers threatening to deface or take down your site, ruin your brand, paralyze your community, or steal confidential data. Whether you are a site administrator, module developer, themer, system administrator, or user, you ought to bear security in mind when administering your site or writing code. You could put your own site or other people’s sites at risk if you don’t follow some simple rules and best practices. Fortunately, you are not alone in this situation, and the Drupal community has developed a solid process to help you avoid major headaches when dealing with security matters.
Keywords: Security Vulnerability, Stable Release, Code Review, Public Service Announcement, Security Advisory