Drupal - Melbourne cryptoparty



A small talk ab

Published in: Technology
  • Demo
  • The Drupal trademark — i.e. the word "Drupal", whether or not in capitals — is owned and controlled by Dries Buytaert, who cooperates with the Drupal Association and local non-profit associations to foster the use of the Drupal software. You are required to apply for a license if you intend to use it in your own business name, e.g. “Chris’s Drupal shop”, but generally you don’t need to apply if you’re just using the software. GPL, version 2 or later license: means you are free to download, reuse, modify, and distribute any files hosted in Drupal.org's Git repositories under the terms of either the GPL version 2 or version 3, and to run Drupal in combination with any code with any license that is compatible with either versions 2 or 3, such as the Affero General Public License (AGPL) version 3. Very few commercial themes or modules, much clearer than some other open source CMSs, though they can integrate with commercial services.
  • Strange comparison, I know… Very popular with government generally worldwide.
  • Demo
  • Open Source is generally considered more secure through community collaboration and quicker identifying and solving of security issues. Professional security audits of Drupal sites have generally found that the vast majority of security holes (90% or more) are present in the custom theme or modules written by that site's developers. That code did not get the same public scrutiny that all code on drupal.org receives. In addition, problems at the server level (such as using insecure protocols like FTP) are more likely to be the means of a successful attack than a vulnerability in Drupal, especially Drupal core.
  • Passwords stored as a one-way hash. Private keys for every installation. Sessions always destroyed, not modifiable. Unique to each installation. Usernames and passwords always server side. Form API and input filters prevent CSRF / XSS.
  • Local site demo
  • What you’ve viewed, counts etc… Deleting your own account. Show examples, permissions and fields (same screen). Core Drupal uses cookies, hard to turn off, but you can get EU compliance modules and not enable other modules such as analytics.

    1. Drupal. Cryptoparty, Melbourne, 27th Oct. @chrischinch
    2. Overview: ‘Drupal’ is a trademark; released under GPL license, as are all modules and themes; Drupal distributions; a healthy consultant / developer ecosystem; Acquia and commercialisation
    3. You’re in good company…
    4. Why use an Open Source CMS? Freedom. After a bit of work. Especially with Drupal.
    5. Data in: CSV, XML, RSS, JSON, KML, OPML, RDF, SQL, SSO, OAuth, OpenID, social logins, phpBB, Joomla, WordPress, LiveJournal… And more!
    6. Data out… CSV, RSS, XML, JSON, TXT, Serialize, Node Code, MORE
    7. Security process: open source; Security Team; most vulnerabilities, “bad practice”; drupalsecurityreport.org
    8. Security features: passwords; private keys; cookies / sessions; passwords never emailed; cross-site forgery / scripting; data sanitisation; database abstraction layer
    9. Securing: disabling PHP filters; check HTML filters; Captcha / Mollom; status report; error logs
    10. Privacy: basic user tracking by default; many other initial flaws slowly resolved; public & private fields; highly configurable permissions; cookies / EU compliance
    11. More? Drupal Melbourne: www.meetup.com/drupalmelbourne; Australia’s first ‘official’ DrupalCon: Sydney, 6th Feb 2013
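
Two of the slide 8 features, one-way password hashes and form tokens tied to a per-installation private key and the user's session, sketched in Python as an added example. It is not Drupal's code or part of the original slides; the function names, the PBKDF2 parameters and the token layout are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed stand-in for the per-installation private key: generated once
# at install time and kept server side, so every site has a different one.
PRIVATE_KEY = secrets.token_bytes(32)


def hash_password(password, salt=None, rounds=200_000):
    """Return a salted, stretched one-way hash; only this string is stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${digest.hex()}"


def check_password(password, stored):
    """Re-derive the hash with the stored salt and compare in constant time."""
    rounds, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def form_token(session_id, form_id, key=PRIVATE_KEY):
    """Token embedded in a form: HMAC of the form id, keyed by site key + session."""
    mac = hmac.new(key + session_id.encode(), form_id.encode(), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()).rstrip(b"=").decode()


def valid_form_token(token, session_id, form_id, key=PRIVATE_KEY):
    """A submission is accepted only if its token matches this session and form."""
    expected = form_token(session_id, form_id, key)
    return hmac.compare_digest(token.encode(), expected.encode())


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print("stored hash:", stored)
    print("login ok:", check_password("correct horse battery staple", stored))

    token = form_token("session-of-alice", "user_profile_form")
    # A page on another site cannot compute this token, so a forged
    # cross-site submission fails validation.
    print("own session:", valid_form_token(token, "session-of-alice", "user_profile_form"))
    print("other session:", valid_form_token(token, "session-of-mallory", "user_profile_form"))
```
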