Articles

Storing Private Information Securely in Drupal

Drupal sites periodically need to save private information. Some examples include a secret key used for communicating with a remote service (like an API key for a payment gateway) or private information for each user on the site.

Stay Aware of Drupal Security Updates - the easy way

When dealing with any internet connected software, staying on top of updates is a big responsibility. It is critical to the security of your site and yet can take a lot of time. The traditional advice about updates is "subscribe to the updates mailing list" and that works pretty well for most projects. For broad software projects like Drupal, however, that advice is increasingly unmanageable.

Your Drupal site pretending to be another?

Drupal 7 added a new feature into core that is not user facing directly, but is sometimes called poor man's cron. The feature triggers the periodic tasks of a Drupal site like emptying log files, sending e-mails, and clearing out caches. This feature, when combined with dynamic detection of the "base url" (added in Drupal 4.7), can lead to some screw situations.

Best practices for Drupal permissions

acquia-drop.png

This article has been moved to the Acquia Help Center!

The Acquia Help Center contains Drupal and Acquia product knowledge that you can use to help you as you develop your Drupal websites, including much of the security information that started here on Drupal Scout.

Introduction to Cross Site Request Forgery (CSRF)

acquia-drop.png

This article has been moved to the Acquia Help Center!

The Acquia Help Center contains Drupal and Acquia product knowledge that you can use to help you as you develop your Drupal websites, including much of the security information that started here on Drupal Scout.

List of Security Compliance/Regulations standards by Industry

acquia-drop.png

This article has been moved to the Acquia Help Center!

The Acquia Help Center contains Drupal and Acquia product knowledge that you can use to help you as you develop your Drupal websites, including much of the security information that started here on Drupal Scout.

Drupal Solutions to Mime Type Detection XSS

acquia-drop.png

This article has been moved to the Acquia Help Center!

The Acquia Help Center contains Drupal and Acquia product knowledge that you can use to help you as you develop your Drupal websites, including much of the security information that started here on Drupal Scout.

Introduction to Cross Site Scripting (XSS) and Drupal

acquia-drop.png

This article has been moved to the Acquia Help Center!

The Acquia Help Center contains Drupal and Acquia product knowledge that you can use to help you as you develop your Drupal websites, including much of the security information that started here on Drupal Scout.

Hiding the fact your site runs Drupal OR Fingerprinting a Drupal Site

acquia-drop.png

This article has been moved to the Acquia Help Center!

The Acquia Help Center contains Drupal and Acquia product knowledge that you can use to help you as you develop your Drupal websites, including much of the security information that started here on Drupal Scout.

What are Full Disclosure and Responsible Disclosure

acquia-drop.png

This article has been moved to the Acquia Help Center!

The Acquia Help Center contains Drupal and Acquia product knowledge that you can use to help you as you develop your Drupal websites, including much of the security information that started here on Drupal Scout.

Pages