Critical Security Release for D7 & D8 coming on March 28
If you haven't head this somewhere in the Drupalverse, a very important security update release for both Drupal 7 and 8 is coming on March 28, 2018. Make sure to set aside some time to update your sites!
Read moreSecurity Update
Liability as a Drupal Developer
Good day, all:
My company has been a provider of "traditional" software development for the past 30 years. However, Drupal development - or any other CMS work - has not been a focus of the company, despite the fact that we have extensive coding resources both in-house and out, we manage a significant array of servers in our Orlando data center, and we have a number of local clients (potential Drupal prospects) to whom we provide IT support services.
Read moreSuggestions/Query related to our review process
Some steps of current review process:
- Users are creating sandbox for their new projects and get reviews from other community members.
- Other reviewers give him instructions and some guidelines related to code/Security etc.
- After too many reviews and changes in his code, Project finally gets approved, which upgrades his permission to create a full project.
So my question here is
Why we are giving access to users to create full project without any code review?
SSl certificates - Enabling HTTP Secure
Hola Compañeros! Necesito un poco de orientacion, He instalado un certificado SSl en una de mis paginas de ecommerce con ubercart y parece que necesito un modulo para drupal con el objetivo que cambie mi browser a https:..... teneis alguna recomendacion sencilla que funcione con ubercart para D7? que metodos utilizais para encriptar las tarjetas de credito...etc?
Gracias y darle duro!!!!
Read moreFine-grained MySQL tables privileges
Regarding Drupal site security, I am really surprised to see that MySQL settings do not keep an important place in Securing your site discussion.
Yet a very simple MySQL policy would have prevented Drupageddon to your site.
According to INSTALL.mysql.txt, MySQL user used by Drupal, must have the following minimal privileges on Drupal database:
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES.
Read moreWhat should we do with Linux/Cdorked.A malware?
I've seen this post today:
http://www.welivesecurity.com/2013/05/07/linuxcdorked-malware-lighttpd-a...
It looks like something went terrible.
What should we do with our servers and Drupal installations?
Read morePROJECT IDEA: Encrypt RSS/ATOM feeds
I want to participate as a student in this years summer of code. My project idea is encrypt rss feeds. I have been researching on this idea for quite some time. This idea was originally proposed here http://drupal.org/node/237628.
Read moreBackups
Estoy empezando con lo que espero sea la primera de muchas páginas que cree con este excelente CMS.
Tras un par de sustos he decidido coger la buena constumbre de hacer backups de la base de datos con regularidad. Acabo de instalar el modulo 'Backup and Migrate' y lo he configurado para que realice 1 backup todos los dias.
En este momento me surgen dos preguntas:
1- ¿Es este modulo el mejor para realizar esta tarea, o usais otros? Cualquier opinion me sera de ayuda.
Security update notification based on permission needed to exploit vulnerability
I manage numerous Drupal sites, and have run into a kink in my procedure that I'd imagine many others share. Many people have their sites notify them whenever a security update applies to them, and promptly install that security update. Generally that's a good practice, and leads to relatively stable and secure sites.
Read more