  • Security in Drupal

    What basic steps can you take to make your Drupal site much more secure?

    Drupal is configured to be secure out of the box because its permissions are restrictive by default. But as we extend the website to fit our needs, we start changing things in the permissions section, and that is where we start making our Drupal site much more vulnerable to attacks from the outside world.

    Here are the basic things we can do to make our site strong enough to fend off attacks.

    1. Use Strong Passwords

      We must use strong passwords: a person logged in as user 1, or with an account that has powerful permissions, can do much more damage to the site.
      To make your password strong, use a combination of uppercase letters, numbers and punctuation.

      For a good reference on passwords, visit

    2. User 1 Should Be Used For Administration Purposes Only

      User 1 is given permission to do everything on the site during installation. It is a better idea to keep that account as the superuser account and create another account with appropriate permissions.

    3. Be Careful When Assigning Permissions

      Permissions starting with "Administer" must only be granted to highly trusted users. Some permissions have security implications and should only be granted with extra care. A permission like "Bypass content access control" gives the user the ability to add, edit and delete any content on the site, and this could be really dangerous.

      By default, an administrator needs to approve each account created by a user, but sometimes we bypass this and let users create accounts without involving the administrator to approve them. If we do this, we should review what permissions the Authenticated User role has and ensure they are all safe.

    4. Keep Text Formats Tight and Secure

      Each text format contains a set of filters that escape content and make it safe for display. By default, text formats such as Filtered HTML and Plain Text are safe because they allow only a very limited set of tags, or no tags at all, in the text.

      Drupal sanitizes the output before rendering it to the page, but we should still never trust user input.

    5. Avoid Using the PHP Filter Module

      First, it makes it hard, almost impossible, to version the code saved in the database. Second, it makes code review hard. Third, it makes errors hard to track. Lastly, in terms of performance, storing PHP code in the database prevents any opcode caching mechanism from working on that piece of code.
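
The permission review described under "Be Careful When Assigning Permissions" can be scripted. The following is an added example, not code from the original post or from Drupal: it audits a constructed role/permission listing shaped like rows of Drupal 7's `role_permission` table joined to role names (the Drupal version, the sample rows and the `TRUSTED_ROLES` allow-list are assumptions), and raises the severity when registration is open without administrator approval.

```python
# Added example: audit which roles hold security-sensitive permissions.
# ROWS is constructed sample data: (role name, permission machine name).
# "bypass node access" is the machine name behind the UI label
# "Bypass content access control".
ROWS = [
    ("anonymous user", "access content"),
    ("authenticated user", "access content"),
    ("authenticated user", "post comments"),
    ("authenticated user", "use text format filtered_html"),
    ("authenticated user", "bypass node access"),
    ("editor", "administer nodes"),
    ("administrator", "administer permissions"),
    ("administrator", "bypass node access"),
]

# Roles that every visitor or every registered account receives automatically.
BROAD_ROLES = {"anonymous user", "authenticated user"}
# Hypothetical allow-list: roles the site owner treats as highly trusted.
TRUSTED_ROLES = {"administrator"}


def is_sensitive(permission):
    """The article's rule: 'Administer ...' permissions plus access bypass."""
    p = permission.lower()
    return p.startswith("administer") or p.startswith("bypass")


def audit(rows, open_registration):
    """Return sorted (severity, role, permission) findings.

    open_registration is True when visitors can create accounts without
    administrator approval, which makes 'authenticated user' effectively public.
    """
    findings = []
    for role, perm in rows:
        if not is_sensitive(perm) or role in TRUSTED_ROLES:
            continue
        if role == "anonymous user" or (
                role == "authenticated user" and open_registration):
            severity = "critical"  # obtainable by anyone who visits the site
        elif role in BROAD_ROLES:
            severity = "high"      # every approved account holds it
        else:
            severity = "review"    # custom role: confirm its members are trusted
        findings.append((severity, role, perm))
    return sorted(findings)


if __name__ == "__main__":
    for severity, role, perm in audit(ROWS, open_registration=True):
        print(f"{severity:8} {role}: {perm}")
```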

