Security in Drupal

  • Stéphane Corlosquet

Abstract

The Internet is rife with spammers and hackers threatening to deface or take down your site, ruin your brand, paralyze your community, or steal confidential data. Whether you are a site administrator, module developer, themer, system administrator, or user, you ought to bear security in mind when administering your site or writing code. You could put your own site or other people’s sites at risk if you don’t follow some simple rules and best practices. Fortunately, you are not alone in this situation, and the Drupal community has developed a solid process to help you avoid major headaches when dealing with security matters.

Keywords

Editing 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1 Wikipedia, “Cross-site scripting,” http://en.wikipedia.org/wiki/Cross-site_scripting, 2011.
  2. 5 Drupal, “Drush,” http://drupal.org/project/drush, 2011.
  3. 6 Drupal, “common.inc,” http://api.drupal.org/api/function/l/7, 2011.
  4. 7 Wikipedia, “Cross-site request forgery,” http://en.wikipedia.org/wiki/Cross-site_request_forgery, 2011
  5. 8 Wikipedia, “SQL injection,” http://en.wikipedia.org/wiki/SQL_injection, 2011
  6. 9 Drupal, “Database API,” http://drupal.org/developing/api/database, 2011.

Copyright information

© Benjamin Melançon, Jacine Luisi, Károly Négyesi, Greg Anderson, Bojhan Somers, Stéphane Corlosquet, Stefan Freudenberg, Michelle Lauer, Ed Carlevale, Florian Lorétan, Dani Nordin, Ryan Szrama, Susan Stewart, Jake Strawn, Brian Travis, Dan Hakimzadeh, Amye Scavarda, Albert Albala, Allie Micka, Robert Douglass, Robin Monks, Roy Scholten, Peter Wolanin, Kay VanValkenburgh, Greg Stout, Kasey Qynn Dolin, Mike Gifford, Claudina Sarahe, Sam Boyer, and Forest Mars, with contributions from George Cassie, Mike Ryan, Nathaniel Catchpole, and Dmitri Gaskin 2011

Authors and Affiliations

  • Stéphane Corlosquet

There are no affiliations available

Personalised recommendations