By AngelicLight on
Hi, there,
I am just about to go live with my first Drupal site (on v7) and one forum post touched on a site broken by "code injection".
How do you prevent this?
Is there anything else that could happen that I should protect against? I'm not a security expert, but I can't afford to have my site go down.
Thanks so much, everyone,
= (A/L)
Comments
As far as I understand, your
As far as I understand, your question concerns input formats and filters. I am not sure what you mean by "...and one forum post touched on a site broken by "code injection"."
In any case, you should carefully choose the code that shall be available to users.
Read further: http://www.lullabot.com/articles/drupal-input-formats-and-filters
So if I'm not really using
So if I'm not really using Drupal to have a multi-user site, but just for my own content, this shouldn't be that much of an issue then, right?
As far as I know, it is like
As far as I know, it is like that. I mean, you have to give somebody the opportunity to inject harmful code. And if there isn't a security bug that allows someone to do that, it's only possible through the means you give the users to do so. If there is no way for users to submit forms, I think you don't have to worry about harmful code injection.
Apart from the scenario where you have a multi-site installation running: then someone can also harm the website that does not allow submitting forms if another one does, obviously because it is the same installation.
I hope I got these things right. I'm not an expert, but from what I read it should be like that.
Good luck!
andi