পৃষ্ঠাসমূহ

Search Your Article

CS

 

Welcome to GoogleDG – your one-stop destination for free learning resources, guides, and digital tools.

At GoogleDG, we believe that knowledge should be accessible to everyone. Our mission is to provide readers with valuable ebooks, tutorials, and tech-related content that makes learning easier, faster, and more enjoyable.

What We Offer:

  • 📘 Free & Helpful Ebooks – covering education, technology, self-development, and more.

  • 💻 Step-by-Step Tutorials – practical guides on digital tools, apps, and software.

  • 🌐 Tech Updates & Tips – simplified information to keep you informed in the fast-changing digital world.

  • 🎯 Learning Support – resources designed to support students, professionals, and lifelong learners.

    Latest world News 

     

Our Vision

To create a digital knowledge hub where anyone, from beginners to advanced learners, can find trustworthy resources and grow their skills.

Why Choose Us?

✔ Simple explanations of complex topics
✔ 100% free access to resources
✔ Regularly updated content
✔ A community that values knowledge sharing

We are continuously working to expand our content library and provide readers with the most useful and relevant digital learning materials.

📩 If you’d like to connect, share feedback, or suggest topics, feel free to reach us through the Contact page.

Pageviews

Thursday, February 16, 2017

Drupal Site Security

In this chapter we will study about how to secure the Drupal site. This chapter specifies security configuration suggestions for site administrators and alerts the administrator how to secure the site.
There are many contributed modules which help you with security configuration in which Security Review module automates testing the mistakes that makes your site insecure.

  • You can report a security issue directly with Drupal core, contrib or Drupal.org by sending email regarding the issue. The security team will help you to sort your issue with the project maintainer.
  • Secure your file permissions and ownership by configuring the server file system, as the web server (e.g. Apache) should not have access to edit or write the files, it should be read only the files, later which gets executed.
  • The security risk levels are based on NIST Common Misuse Scoring System (NISTIR 7864), so that the organization can verify how to manage the problem. Below are the points that will help to understand the security risk level by assigning the number between 0 to 25:
    • 0 to 4: Not Critical.
    • 5 to 9: Less Critical.
    • 10 to 14: Moderately Critical.
    • 15 to 19: Critical
    • 20 to 25: Highly Critical.
  • While accepting the sensitive information like credit card number, the PCI(Payment Card Industry) defines a number of Data Security Standards. Though this is not Drupal specific, it is important for each Drupal developer be aware of this. To know more about the PCI issues you can refer this link Drupal PCI Compliance White Paper.
  • The users are allowed to be deleted or even for the users to delete themselves in Drupal site which can lead to an unexpected situation sometimes.
  • Enable HTTPS, which is more secure to send sensitive information to a website such as:
    • Credit cards
    • Sensitive cookies such as PHP session cookies
    • Passwords and Usernames
    • Identifiable information (Social Security number, State ID numbers, etc)
    • Confidential content
  • Enhance your security using contributed modules. Here are some standard module categories such as:
    • Security category
    • User access / authentication
    • Spam prevention modules
  • You can disable the roles and permissions of the user by installing the Secure Permission module.
  • The security operation can be improved in the login operation by installing the Login Security module.
  • The site administrator can secure its site by making it as private and by restricting the site to limited access for the users by the role. Due to this process, your site will not be reachable to search engines and other crawlers(to create an index of data in www).
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)