mapping

Drupal Security - Best Practices and Process Discussion

Greg Knaddison and James Walker, both on the Drupal security team, presided over this session.

They talked about the various attack vectors that hackers utilize:

• authentication
• authorization
• client-side attacks (XSS and cross site request forgery [CSRF]
• information disclosure

They stressed the idea of being a secure user by using a strong password, avoiding unecrypted WiFi and FTP (opting for ssh/keys instead), and being really, really careful with UID 1. On the server side, using SSL for login pages (via the Secure Pages module) if desireable, if possible.

I just soft-launched OffRoadAtlas.com - a new site that utilizes Drupal and Google Maps to provide users with an easy way to find and share off-road areas for their vehicles.

The site allows its members as well as anonymous users to submit off-road areas to be displayed on the site. When submitting a new area, the user can specify not only the name and description of the site, but they can also submit links associated with the area and they can pinpoint the location of the area using a highly-interactive Google Map embedded in the page.

The site also integrates various social-networking features like buddylists and user points. In addition, users of the site can search for off-road areas by zip code.