Number 2: Security 5 lỗi cần tránh trong Drupal Website

Number 2: Security 5 lỗi cần tránh trong Drupal Website

Hướng dẫn sử dụng Redux để quản lý hiệu quả trong ứng dụng React

Average: 7.7 (3 votes)

Cài đặt Webpack để viết Reactjs bằng ES6 và những thuận lợi của ES6

Average: 9.5 (2 votes)

Number 2: Security 5 lỗi cần tránh trong Drupal Website

>>Number 1: Architecture: 5 lỗi cần tránh trong Drupal Website

>>Number 2: Security 5 lỗi cần tránh trong Drupal Website

>>Number 3: Performance - 5 lổi cần tránh trong Drupal Website

>>Number 4: Infrastructure - 5 lỗi cần tránh trong Drupal

>>Number 5: Maintenance - 5 lỗi cần tránh trong Drupal

Good security practices protect your site from hacker attacks. In this article we'll look at some methods for reducing security risks on your site. 

Drupal Security Best Practices

Drupal has good security built in if used correctly. However, once you begin to configure your site you might introduce new security issues. Plan configuration so that only trusted users have permissions that involve security risks.

Keep core and contrib modules updated

You may not opt to do some module updates if the fixes or improvements have no direct effect on your site, however you should always apply security updates as soon as possible. Subscribe to security announcements on Drupal.org.

Use Strong Passwords

Passwords are the most likely candidates for points of failure in your site security. Use the  Password Policy module to devise a set of constraints before your users can set their passwords. You can also set a password expiration.

Limit file uploads and limit what files are served

Limit allowed file types and limit uploads to trusted users only. Check your permissions for specific content types, and files types allowed in field uploads. 

Use the Security Review module and Acquia Insight

The Security Review module will analyze your site configuration and report methods for fixing errors. Only use this module on a staging or test site. Disable and remove the module on production sites.  Our service, Acquia Insight,provides additional site configuration and security checks as well.

Guard against attacks in custom code

Following are three attacks to guard against in custom code in your themes and modules.

Avoid: SQL injection

Mistake: Using SQL queries in code rather than using Drupal API.

Example: The code db_query("select * from table where id=$_GET[‘id’]"); allows for the attack example .com/index .php?id=1 union select * from users;

Solution: Use Drupal’s database abstraction layer. [Seehttp://api.drupal.org/api/drupal/includes%21database%21database.inc/group/database/7]

Avoid: XSS—Cross-site scripting

Mistake: Displaying visitor parameters without checking them allows visitors to inject client-side scripts into pages viewed by other users.

Example: The code <?php echo "Your number is ". $_GET['id']; ?> allows the attack Index.php?id=<script> alert("UAAAT??");</script>

Solution: Clean (sanitize or filter) and input from untrusted users before returning to the browser for render. Read more here: XSS intro http://drupalscout.com/knowledge-base/introduction-cross-site-scripting-xss-and-drupal

Avoid: CSRF—Cross-site request forgery

Mistake: URLs containing wildcards (%) that are not protected and form code entered directly into the site. HTTP Post from forms can allow a request to originate from anywhere, not just your site as you expect. 

Solution: Use Drupal’s Form API, which protects against these attacks by inserting a token in every form. If you render any sort of URL that should be protected, make sure that you either ask for a confirmation with the Form API or use a token with the URL and verify that the token is present and valid on the response handling. Read more here: CSRF introhttp://drupalscout.com/knowledge-base/introduction-cross-site-request-forgery-csrf

 

Bạn thấy bài viết này như thế nào?: 
No votes yet

Advertisement

 

jobsora

Dich vu khu trung tphcm

Dich vu diet chuot tphcm

Dich vu diet con trung

Quảng Cáo Bài Viết

 
Phong thủy công ty: Ban công và 5 điều kỵ
Phong thủy công ty: Ban công và 5 điều kỵ

Ban công đối thẳng với đường đi hoặc cửa ra vào bị coi là bất lợi về mặt phong thủy.

Bamboo Paper - Ứng dụng viết vẽ cho iPad
Bamboo Paper - Ứng dụng viết vẽ cho iPad

Bề mặt hết sức lý tưởng cho thao tác viết và vẽ của iPad là một điểm mạnh mà ứng dụng Bamboo Paper hiểu và khai thác.

Google khai tử thêm 7 dự án
Google khai tử thêm 7 dự án

Vòng thứ 3 trong chiến dịch cắt giảm dự án của Google đã ghi tên Renewable Energy (RE<C), Knol và 5 dự án khác vào danh sách bị khai tử.