security
Drupalcon Boston: Day 3
Drupal Security - Best Practices and Process Discussion
Greg Knaddison and James Walker, both on the Drupal security team, presided over this session.
They talked about the various attack vectors that hackers utilize:
- authentication
- authorization
- client-side attacks (XSS and cross-site request forgery [CSRF])
- information disclosure
They stressed the idea of being a secure user by using a strong password, avoiding unencrypted WiFi and FTP (opting for ssh/keys instead), and being really, really careful with UID 1. On the server side, they suggested using SSL for login pages (via the Secure Pages module) if desirable and possible.
Submitted by michael on Wed, 03/05/2008 - 9:29pm
