Security!

I've recently had a run-in with someone who was somehow able to insert code into some PHP and HTML files on my site. Needless to say I've cleaned the files and dialed back file permissions, but what else can/should I do? I'm afraid I find the drupal.org site rather hopeless for this information. I'm still on 4.6.3, believe it or not! Thanks,
Roy

Several more security holes

Several more security holes have been identified since 4.6.3. How about upgrading to 4.6.11? -> http://www.drupal.org/download

If you want to patch release by release, I found them by searching on Google for site:drupal.org 4.6 security

I keep up with the Drupal.org security announcements feed from http://drupal.org/taxonomy/term/44/0.

Two-sided coin

I'm amazed at and grateful for everything that Drupal does for a website maintainer, but I find that keeping up with security patches is one of the downsides to using Drupal (the other is juggling the various module dependencies). I would imagine that these two 'problems' apply to any open source app that has a large and active user base, however.

Roy, are you on the Drupal security bulletin email list (http://drupal.org/security)? The security team is excellent, but it is unfortunate that so many XSS and SQL injection bugs get into the code.
