Skip to: Site menu | Main content


Drupalcon Boston: Day 3

Drupal Security - Best Practices and Process Discussion

Greg Knaddison and James Walker, both on the Drupal security team, presided over this session.

They talked about the various attack vectors that hackers utilize:
  • authentication
  • authorization
  • client-side attacks (XSS and cross site request forgery [CSRF]
  • information disclosure

They stressed the idea of being a secure user by using a strong password, avoiding unecrypted WiFi and FTP (opting for ssh/keys instead), and being really, really careful with UID 1. On the server side, using SSL for login pages (via the Secure Pages module) if desireable, if possible.

Submitted by michael on Wed, 03/05/2008 - 9:29pm
Filed under:

Creating Modal "Please Wait..." Dialog Boxes with jqModal jQuery Plugin

Part of the power of having jQuery integrated with Drupal is the ability to take advantage of the strong jQuery developer community. There are many, many plug-ins for jQuery that can add some great functionality to your site - usually with very little code.

jqModal is just one of these plug-ins. It can be used to create modal (or non-modal) dialog boxes. In this example, I'm going to show you how to use it to create a modal "Please Wait..." dialog box. This can be useful when your user submits a form that might take a few seconds to process. Having a modal dialog box not only gives the user some feedback that the site is actually doing something, but it also stops the user from clicking the "submit" button multiple times.
Submitted by michael on Sun, 02/24/2008 - 12:06pm
Filed under: