Microsoft Office Tutorials and References
In Depth Information
Drupal is an open-source content management system which contains readable
source. In terms of security this is both a good and a bad thing. It is bad because
anyone can find security risks in the code with the code being readable, but
conversely it makes it easier for someone to find a bug and get a security
Drupal releases security announcements on a special dedicated section of its website
which makes it easy to keep up with the latest security patches. This section is
available at: http://drupal.org/security .
On this page there is also a mailing list sign-up box; by signing up to this we will
receive emails each time a new announcement is released by Drupal's security team.
There is also a link to the security team's own page within the Drupal site. They can
be contacted with any security concerns regarding Drupal's code, so if you find a
security issue somewhere, let them know and they can create a patch for everyone to
use to secure their own Drupal installations.
It is highly recommended that e-commerce sites utilizing Drupal
subscribe to this list.
Securing Our Drupal Installation
Other than keeping up with any Drupal security announcements, there is little we
can do to secure Drupal's code; however, there are some modules we can install that
can help protect and secure our website. These modules are:
CAPTCHA—This prevents automated "web bots" from using and submitting
"web bots" from using and submitting
web forms in our website.
Email verification—This performs some additional checks to see if an email
address is a real email address.
Legal—This is not specifically security related, but adds a terms and
conditions box for users who sign up; this can inform them of the rules,
regulations, and policies of the website.
Log in security—This adds additional protection to user accounts and log in.