2. Overview
‘Drupal’ is a Trademark
Released under GPL
license, as are all modules and
themes
Drupal distributions
A healthy consultant /
developer ecosystem
Acquia and commercialisation
10. Privacy
Basic user tracking by default
Many other initial flaws slowly
resolved
Public & private fields
Highly configurable
permissions
Cookies / EU compliance
The Drupal trademark — i.e. the word "Drupal", whether or not in capitals — is owned and controlled by Dries Buytaert, who cooperates with the Drupal Association and local non-profit associations to foster the use of the Drupal software. You are required to apply for a license if you intend to use it your own business name, i.e. “Chris’s Drupal shop”, but generally you don’t need to apply if you’re just using the software.GPL, version 2 or later licenseMeans you are free to download, reuse, modify, and distribute any files hosted in Drupal.org'sGit repositories under the terms of either the GPL version 2 or version 3, and to run Drupal in combination with any code with any license that is compatible with either versions 2 or 3, such as the Affero General Public License (AGPL) version 3.Very few commercial themes or modules, much clearer than some other open source CMSs, though they can integrate wit commercial services.
Strange comparison I know…Very popular with government generally worldwide
Demo
Open Source is generally considered more secure though community collaboration and quicker identifying and solving of security issuesProfessional security audits of Drupal sites have generally found that the vast majority of security holes (90% or more) are present in the custom theme or modules written by that site's developers. That code did not get the same public scrutiny that all code on drupal.org receives.In addition, problems at the server level (such as using insecure protocols like FTP) are more likely to be the means of a successful attack than a vulnerability in Drupal - especially Drupal core.
Passwords stored as a 1 way hashPrivate keys for every installationSessions always destroyed, not modifiable. Unique to each installationUsernames and password always server sideForm API and input filters prevents CSFR / XSS
Local site demo
What you’ve viewed, counts etc…Deleting your own accountShow examples, permissions and fields (same screen)Core Drupal uses cookies, hard to turn off, but you can get EU compliance modules and not enable other modules such as analytics