By jdcoffman on
So I'm convinced that Drupal can do everything and more that my company needs it for, but THE MAN needs reassurance that it's a secure system and is not easily hacked or modified by non-authorized personnel.
Do you have any tips for me when I present my solution to our problems?
-I'm looking for large example sites
-Security references, i.e. *hell ya that thar code is secure*
and the like!
Any help or guidance you can provide would be greatly appreciated!
Thanks!
Comments
maybe useful?
http://drupal.org/handbook/is-drupal-right-for-you
http://groups.drupal.org/node/411
---
Work: BioRAFT
security
Drupal does a great job with security. There is the security list, for one. When there is a security problem found, it's posted to the list along with an update to fix the security problem.
Drupal has a general philosophy of taking in all the input and then filtering before display. There is filtering for plain text and filtering for marked up text with the filters module. These do check for XSS and filter it out.
Drupal, also, is set up to make sure that the submitter of a form was the one that requested the page in the first place.
These are just a couple of the security features.
--
Matt
http://www.mattfarina.com
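The two mechanisms described in the comment above (filtering stored input at display time, and tying a form submission to the session that requested the form), as an added stand-alone PHP example that is not part of the original post and is not Drupal's own code. The function names, the site key and the session identifiers are hypothetical, and the sample comment is constructed.

```php
<?php
// Added illustration in plain PHP; not Drupal's implementation.
// All function names and sample values below are hypothetical/constructed.

// 1. Filter on output: the stored text stays exactly as submitted and is
//    escaped for the HTML context only when it is rendered.
function render_plain(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// 2. Form token: an HMAC over the session id and form id, keyed with a
//    per-site secret, embedded in the form as a hidden field.
function form_token(string $session_id, string $form_id, string $site_key): string {
    return hash_hmac('sha256', $session_id . ':' . $form_id, $site_key);
}

// On submit, recompute the token for the submitting session and compare in
// constant time. A token issued to another session or form will not match.
function form_token_valid(string $submitted, string $session_id,
                          string $form_id, string $site_key): bool {
    $expected = form_token($session_id, $form_id, $site_key);
    return hash_equals($expected, $submitted);
}

// --- Constructed sample data ---
$site_key  = 'constructed-site-secret';
$session_a = 'session-aaaa';   // the user who requested the form
$session_b = 'session-bbbb';   // a different session

// Stored comment contains markup; it is neutralised only at display time.
$stored = '<script>alert(1)</script> Nice post & thanks';
echo render_plain($stored), "\n";

// Token issued when session A requested the comment form.
$token = form_token($session_a, 'comment_form', $site_key);

// Case 1: submitted by the session that requested the form.
var_dump(form_token_valid($token, $session_a, 'comment_form', $site_key));
// Case 2: the same token replayed from a different session.
var_dump(form_token_valid($token, $session_b, 'comment_form', $site_key));
// Case 3: the same token presented to a different form.
var_dump(form_token_valid($token, $session_a, 'user_edit_form', $site_key));
```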
this is great
What else?
We're looking at other CMS systems as well like webcrossings (yuck!) but I know in my heart that Drupal is the way to go! Nothing is as flexible and intuitive by far (Joomla et al. don't even appear on the same list in my book).
What other things can be said or done about Drupal security?
A step by step discussion
This is a very in-depth article done by the Open Source guys at IBM. This hits on a lot of the questions you're asking (and comes from a source that carries weight).
http://www-128.ibm.com/developerworks/ibm/osource/implement.html
Stuart