However, with millions of sites still running old and vulnerable versions of the CMS, this point is still one that needs to be stressed. Running the latest version of any software is probably the most obvious first security measure to take. In this post, we've taken some time to detail a few measures which can be taken to address Drupal security, outlining the basic security holes or malpractices that are commonly present in thousands of Drupal sites. Drupal security should be at the forefront for anyone running a Drupal site, especially if running older versions of the CMS or its modules, since these are a ripe target for attackers. Drupal is a very popular Content Management System (CMS) on the Internet today.

Taxonomy autotag - provides automatic tagging of content based on taxonomies.
Scheduler - adds new fields to content creation and editing forms so that content can be published and unpublished at specific times.
Publish Content - adds a "Publish/Unpublish" tab to the node page for one-click un/publishing.
Popups API and Popups - enables site administrators to configure pop-up windows with content.
Path Auto - provides automatic friendly URLs for content.
Node Relationships - allows administrators to build connections between nodes.
Node Reference Views - Views integration with node references in custom content types.
Lowername - is a database query optimization module.
Link - extends custom content types by providing a URL link field.
Views Slideshow: Dynamic Display Block 6.x-2.0

Bibliography - allows for the input and auto formatting of bibliographic data and citations.
CCK - allows site administrators to create custom content types for the site.
Date - allows you to use date fields in your custom content types.
Diff - enables viewers to check the differences between revisions of certain content.
Email field - allows administrators to configure email fields as part of custom content types.
Embedded Media Field - provides an interface for including embedded media as part of a custom content type.
External Links - is a user interface module that allows administrators to place icons next to links and control how links to external websites are handled (for 508 compliance for instance).
File Aliases - allows uploaded files to be aliased (including URLs for download).
FileField - allows for files to be used in custom content types.
FileField Paths - is a utility module that can be used to specify paths and filenames for files as part of a custom content type.

Scheduler 6.x-1.7 (allows nodes to be published and unpublished at specific times via cron)
Print, e-mail and PDF versions 6.x-1.19
Disclaimer 6.x-1.5 with nyroModal 1.6.1

Historical Reference Drupal 6 Modules Listed Alphabetically

views_bulk_operations 7.x-3.3 (with patch)
entityreference_filter (Views Reference Filter) 7.x-1.x
date_ical 7.x-3.8 (requires iCalcreator v2.22)

The following is a list of modules which have been audited by the Information Security Team:

Drupal 8 Approved Modules

A list of Drupal 5 modules is available here (PennKey authentication required).

Drupal 8 security information is available at. Although Drupal 5 is no longer officially supported, it is still maintained by SAS computing. Note that some modules are approved for use only with certain patches applied that address known vulnerabilities.
Modules are examined for compliance with the Drupal 7 secure coding guidelines as well as for common web application vulnerabilities (cross-site scripting, SQL injection, authentication bypass, remote code execution, file inclusion, information disclosure, etc.). While this review is not a surefire guarantee of security, it does ensure a certain degree of safety in the module code. Before modules can be installed on our production environments they must be reviewed by information security staff. The School of Arts and Sciences Information Security and Unix Systems (ISUS) regularly audits Drupal modules to ensure security and stability.