The Cracking Drupal book is about how to write secure code and secure your website. I actually think having a book that identifies security issues and resolutions is good. Every piece of software has security issues and many have books or at least chapters on securing them. I think your claim that Drupal is insecure because someone wrote a book on how to secure it is basically shortsighted. You probably did a Google search, came up with this book and now you post it. There are literally hundreds of thousands of Drupal websites; some of the largest sites on the Internet are made with Drupal. The Ubuntu website is Drupal and so are many other open source project websites. If there were serious security exploits in Drupal that were exploited all the time, these sites would be defaced all the time, and they are not.
I went to codeloom.net and what's up with that? I did a search on that and that website looks like it was written by a child that doesn't know how to put even a menu or a link on the site. You literally just have an image linked to an email. Now, based on this I would assume that you really know nothing about making a web page let alone a website. This may be a false assumption, but based on a first impression that is what I see. I also see that you're using Apache for a webserver.

https://www.feistyduck.com/books/apache-security/

So, you know.... There is a book about securing Apache, so I guess that's insecure too based on the logic that if there is a book on security for a piece of software, it must be insecure.

On Fri, Oct 15, 2010 at 5:21 PM, James Benstead <[email protected]> wrote:

> This from Greg Knaddison, who literally wrote the book on Drupal security
> (http://crackingdrupal.com/).
>
> Hi Jim,
> >>
> >> Thanks for including me in the conversation. That's very exciting that
> >> LibreOffice is thinking of using Drupal. Back in 2006 I helped add the
> >> Open Document formats to the set of defaults that Drupal allows:
> >> http://drupal.org/node/101714 :)
> >>
> >> This past spring my colleague Ben and I wrote a report about the state of
> >> Drupal's security: http://drupalsecurityreport.org
> >>
> >> That should help start orienting the LibreOffice folks to the situation
> >> with security and Drupal.
> >>
> >> If you want to discuss more,
> >> http://groups.drupal.org/best-practices-drupal-security is a great place,
> >> or I could potentially answer some questions (though I prefer my "work"
> >> mail: [email protected] )
> >>
> >> Cheers,
> >> Greg
>
> On Thu, Oct 14, 2010 at 4:52 AM, David Nelson <[email protected]> wrote:
>
> > Hi, :-)
> >
> > Slightly OT question: since the White House adopted it, does anyone
> > know whether there have been any major security hardening benefits for
> > Drupal?
> >
> > David Nelson
> >
> > --
> > To unsubscribe, e-mail to [email protected]
> > List archives are available at http://www.libreoffice.org/lists/website/
> > All messages you send to this list will be publicly archived and cannot be
> > deleted.

--
Thought Farm Productions <http://www.thoughtfarmproductions.com> [email protected]
(201) 691-7057
