Commanding Chaos for Coworking, Open Source and Creative Communities

Security

Padlock | Drupal.org

Fri, 03/27/2015 - 11:43 -- rprice

The padlock module is designed to limit the functionality of Drupal forms by setting a validation error unless the form is allowed to be submitted in the module configuration. The module also provides a permission to bypass the padlock validation for roles with the elevated permission.

Use Cases:

- Integration / Staging Sites / Training Sites
- Testing deployment scripts and processes.
- Allow the review of a form without the submission of the form.
- Locking specific forms without removing the entire permission set for that role.

drupaleasypodcast
Security
testing

klausi on Twitter: "Security quiz: as an attacker, what could you exploit in this Drupal sandbox module? https://t.co/UlKjcrPbsG"

Wed, 03/04/2015 - 09:47 -- rprice

Security quiz: as an attacker, what could you exploit in this Drupal sandbox module? https://www.drupal.org/node/2437511

drupaleasypodcast
Security
Twitter

Drupal core security release window on Wednesday, December 17 | Drupal Groups

Mon, 12/15/2014 - 15:09 -- rprice

This does not mean that a Drupal core security release will necessarily take place on that date for either the Drupal 6 or Drupal 7 branches, only that you should prepare to look out for one (and be ready to update your Drupal sites in the event that the Drupal security team decides to make a release). There will be no bug fix release on this date; the next window for a Drupal core bug fix release is Wednesday, January 7.

drupaleasypodcast
Security

Follow up on Drupal SA-2014-005, SQL Injection | Drupal.org

Mon, 12/15/2014 - 10:39 -- rprice

The PSA also resulted in a large volume of press coverage – in fact much more coverage than the original disclosure of the vulnerability on October 15th. Not surprisingly, the general tone of the press coverage was quite negative. Unfortunately, some of the coverage was also inaccurate, which we’d like to address here as well as provide additional context regarding our security processes. While we don’t know the total number of Drupal sites affected, the number is not near 12 million as stated in several publications.

drupaleasypodcast
Security
press

Using Apache and SELinux Together | Drupal Watchdog

Sat, 11/15/2014 - 16:04 -- rprice

SELinux provides confinement on an application if the application has been hacked, even if the application is running as root. If policy says the Apache process is only supposed to read Apache content, then even if a hacker gets uid = 0 (the root user), he will not be able to turn it into a spam bot; he will not be able to read credit card data in your home directory; and he will not be able to destroy log files. The hacked process will only be able to act as an Apache process.

drupaleasypodcast
Security
apache

Try to exploit Two Factor Authentication module (and maybe earn $) before we deploy TFA to drupal.org | Drupal Groups

Thu, 09/04/2014 - 17:16 -- rprice

Drupal.org hopes to deploy two-factor-authentication to enhance the security of the site. This tool will help to ensure that accounts with advanced permissions are only used by the intended individual. The Two Factor Authentication module for Drupal (tfa) was originally built by Growing Venture Solutions, has been dramatically enhanced to work for Acquia, and is being made “drupal.org-ready” with support from CARD.com.

drupaleasypodcast
Security
contest
