Skip to: Site menu | Main content

ubercart

Drupalcon Boston: Day 3

Drupal Security - Best Practices and Process Discussion

Greg Knaddison and James Walker, both on the Drupal security team, presided over this session.

They talked about the various attack vectors that hackers utilize:
  • authentication
  • authorization
  • client-side attacks (XSS and cross site request forgery [CSRF]
  • information disclosure

They stressed the idea of being a secure user by using a strong password, avoiding unecrypted WiFi and FTP (opting for ssh/keys instead), and being really, really careful with UID 1. On the server side, using SSL for login pages (via the Secure Pages module) if desireable, if possible.

Submitted by michael on Wed, 03/05/2008 - 9:29pm
Filed under: