
Drupal - Melbourne cryptoparty


  1. Drupal Cryptoparty, Melbourne 27th Oct @chrischinch
  2. Overview: ‘Drupal’ is a Trademark; Released under GPL license, as are all modules and themes; Drupal distributions; A healthy consultant / developer ecosystem; Acquia and commercialisation
  3. You’re in good company…
  4. Why use an Open Source CMS? Freedom; After a bit of work; Especially with Drupal
  5. Data in: CSV, XML, RSS, JSON, KML, OPML, RDF, SQL, SSO, OAuth, OpenID, Social Logins, phpBB, Joomla, WordPress, LiveJournal… And more!
  6. Data Out… CSV, RSS, XML, JSON, TXT, Serialize, Node Code; MORE
  7. Security process: Open source; Security Team; Most vulnerabilities, “Bad practice”; drupalsecurityreport.org
  8. Security Features: Passwords; Private keys; Cookies / Sessions; Passwords never emailed; Cross-site forgery / Scripting; Data Sanitisation; Database Abstraction Layer
  9. Securing: Disabling PHP Filters; Check HTML Filters; Captcha / Mollom; Status Report; Error Logs
  10. Privacy: Basic user tracking by default; Many other initial flaws slowly resolved; Public & private fields; Highly configurable permissions; Cookies / EU compliance
  11. More? Drupal Melbourne: www.meetup.com/drupalmelbourne; Australia’s first ‘official’ Drupal Con; Sydney, 6th Feb 2013

Editor's Notes

  • Demo
  • The Drupal trademark — i.e. the word "Drupal", whether or not in capitals — is owned and controlled by Dries Buytaert, who cooperates with the Drupal Association and local non-profit associations to foster the use of the Drupal software. You are required to apply for a license if you intend to use it in your own business name, i.e. “Chris’s Drupal shop”, but generally you don’t need to apply if you’re just using the software. GPL, version 2 or later license: means you are free to download, reuse, modify, and distribute any files hosted in Drupal.org's Git repositories under the terms of either the GPL version 2 or version 3, and to run Drupal in combination with any code with any license that is compatible with either versions 2 or 3, such as the Affero General Public License (AGPL) version 3. Very few commercial themes or modules, much clearer than some other open source CMSs, though they can integrate with commercial services.
  • Strange comparison I know… Very popular with government generally worldwide.
  • Demo
  • Open Source is generally considered more secure through community collaboration and quicker identifying and solving of security issues. Professional security audits of Drupal sites have generally found that the vast majority of security holes (90% or more) are present in the custom theme or modules written by that site's developers. That code did not get the same public scrutiny that all code on drupal.org receives. In addition, problems at the server level (such as using insecure protocols like FTP) are more likely to be the means of a successful attack than a vulnerability in Drupal - especially Drupal core.
  • Passwords stored as a one-way hash. Private keys for every installation. Sessions always destroyed, not modifiable. Unique to each installation. Usernames and passwords always server side. Form API and input filters prevent CSRF / XSS.
  • Local site demo
  • What you’ve viewed, counts etc… Deleting your own account. Show examples, permissions and fields (same screen). Core Drupal uses cookies, hard to turn off, but you can get EU compliance modules and not enable other modules such as analytics.
