AhmadZain's picture

Security Update

ddease2's picture

Liability as a Drupal Developer

Good day, all:

My company has been a provider of "traditional" software development for the past 30 years. However, Drupal development - or any other CMS work - has not been a focus of the company, despite the fact that we have extensive coding resources both in-house and out, we manage a significant array of servers in our Orlando data center, and we have a number of local clients (potential Drupal prospects) to whom we provide IT support services.

Read more
Manjit.Singh's picture

Suggestions/Query related to our review process

Some steps of current review process:

  1. Users are creating sandbox for their new projects and get reviews from other community members.
  2. Other reviewers give him instructions and some guidelines related to code/Security etc.
  3. After too many reviews and changes in his code, Project finally gets approved, which upgrades his permission to create a full project.
  4. So my question here is

    Why we are giving access to users to create full project without any code review?

Read more
javiermarti's picture

SSl certificates - Enabling HTTP Secure

Hola Compañeros! Necesito un poco de orientacion, He instalado un certificado SSl en una de mis paginas de ecommerce con ubercart y parece que necesito un modulo para drupal con el objetivo que cambie mi browser a https:..... teneis alguna recomendacion sencilla que funcione con ubercart para D7? que metodos utilizais para encriptar las tarjetas de credito...etc?

Gracias y darle duro!!!!

Read more
EC-GROW's picture

Fine-grained MySQL tables privileges

Regarding Drupal site security, I am really surprised to see that MySQL settings do not keep an important place in Securing your site discussion.

Yet a very simple MySQL policy would have prevented Drupageddon to your site.

According to INSTALL.mysql.txt, MySQL user used by Drupal, must have the following minimal privileges on Drupal database:


Read more
Orkut Murat Yılmaz's picture

What should we do with Linux/Cdorked.A malware?

I've seen this post today:


It looks like something went terrible.

What should we do with our servers and Drupal installations?

Read more
bobbyaldol's picture


I want to participate as a student in this years summer of code. My project idea is encrypt rss feeds. I have been researching on this idea for quite some time. This idea was originally proposed here http://drupal.org/node/237628.

Read more
Alfonso_MA's picture


Estoy empezando con lo que espero sea la primera de muchas páginas que cree con este excelente CMS.

Tras un par de sustos he decidido coger la buena constumbre de hacer backups de la base de datos con regularidad. Acabo de instalar el modulo 'Backup and Migrate' y lo he configurado para que realice 1 backup todos los dias.

En este momento me surgen dos preguntas:
1- ¿Es este modulo el mejor para realizar esta tarea, o usais otros? Cualquier opinion me sera de ayuda.

Read more
ezra's picture

Security update notification based on permission needed to exploit vulnerability

I manage numerous Drupal sites, and have run into a kink in my procedure that I'd imagine many others share. Many people have their sites notify them whenever a security update applies to them, and promptly install that security update. Generally that's a good practice, and leads to relatively stable and secure sites.

Read more
arkut's picture

Moving Drupal site to Git without undermining security

I would like to move the site I administer into git, but want to make sure I do so responsibly.

What is the best practice for this -- only using a private repository on GitHub, or selectively moving files to GitHub (e.g., excluding settings.php and the database)?

Read more
Subscribe with RSS Syndicate content