#security

If you haven't head this somewhere in the Drupalverse, a very important security update release for both Drupal 7 and 8 is coming on March 28, 2018. Make sure to set aside some time to update your sites!

https://www.drupal.org/node/2841094

Good day, all:

My company has been a provider of "traditional" software development for the past 30 years. However, Drupal development - or any other CMS work - has not been a focus of the company, despite the fact that we have extensive coding resources both in-house and out, we manage a significant array of servers in our Orlando data center, and we have a number of local clients (potential Drupal prospects) to whom we provide IT support services.

Some steps of current review process:

1. Users are creating sandbox for their new projects and get reviews from other community members.
2. Other reviewers give him instructions and some guidelines related to code/Security etc.
3. After too many reviews and changes in his code, Project finally gets approved, which upgrades his permission to create a full project.

So my question here is

Why we are giving access to users to create full project without any code review?

Hola Compañeros! Necesito un poco de orientacion, He instalado un certificado SSl en una de mis paginas de ecommerce con ubercart y parece que necesito un modulo para drupal con el objetivo que cambie mi browser a https:..... teneis alguna recomendacion sencilla que funcione con ubercart para D7? que metodos utilizais para encriptar las tarjetas de credito...etc?

Gracias y darle duro!!!!

Regarding Drupal site security, I am really surprised to see that MySQL settings do not keep an important place in Securing your site discussion.

Yet a very simple MySQL policy would have prevented Drupageddon to your site.

According to INSTALL.mysql.txt, MySQL user used by Drupal, must have the following minimal privileges on Drupal database:

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES.

I've seen this post today:

http://www.welivesecurity.com/2013/05/07/linuxcdorked-malware-lighttpd-a...

It looks like something went terrible.

What should we do with our servers and Drupal installations?

I want to participate as a student in this years summer of code. My project idea is encrypt rss feeds. I have been researching on this idea for quite some time. This idea was originally proposed here http://drupal.org/node/237628.

Estoy empezando con lo que espero sea la primera de muchas páginas que cree con este excelente CMS.

Tras un par de sustos he decidido coger la buena constumbre de hacer backups de la base de datos con regularidad. Acabo de instalar el modulo 'Backup and Migrate' y lo he configurado para que realice 1 backup todos los dias.

En este momento me surgen dos preguntas:
1- ¿Es este modulo el mejor para realizar esta tarea, o usais otros? Cualquier opinion me sera de ayuda.

I manage numerous Drupal sites, and have run into a kink in my procedure that I'd imagine many others share. Many people have their sites notify them whenever a security update applies to them, and promptly install that security update. Generally that's a good practice, and leads to relatively stable and secure sites.