I'm fairly new to Drupal. Got an install up and running quickly, and have spent the last few days (all day) reading the handbooks and watching various screencasts (http://drupal.org/videocasts)

Are the handbooks considered the definitive documentation? I'm finding that they leave out many details. Can these details be found somewhere that I'm not looking?

For example:

  • Databases
    • I want to use InnoDB tables rather than MyISAM in my MySQL database. How do I configure this?
    • When I installed Drupal, it created MyISAM tables. If I simply change the type to InnoDB, will this cause problems?
    • Is there any official documentation on InnoDB vs. MyISAM for Drupal?
    • In Administer >> Logs >> Status report, when I click on "MySQL database", it lists the following:
      • Select_full_join - 3065 - The number of joins without an index; should be zero.
      • Select_range_check - 25012 - The number of joins without an index; should be zero.
      • Sort_scan - 98962 - The number of sorts done without using an index; should be zero.
    • What's the cause? How do I fix it? A google search brings up nothing of use.
  • Security
    • Presumably access to /cron.php should be limited to admins. Is it already protected? Do I need to protect it myself? How do I do that?
    • Logins never seem to time-out. This is dangerous, especially for the admin accounts. Is there a way to enable this?
  • Misc
    • How does Drupal determine what pages result in a 404 error? For example, if I go to example.com/admin/settings/error-reportingTHISPAGEDOESNOTEXIST, it shows the Site Configuration screen, rather than a 404.
    • In the Drupal Cookbook, the section on taxonomies says "For example, I run a web site for a group that has members submit articles for a monthly newsletter. They wanted a way to organize it so that they could go back and review it by date or topic. So I created two vocabularies, one for the issue date and one for the topic." Is the only way to organize content by date to use taxonomies?

These are but a few of the subjects I find lack specification. Am I looking in the wrong place?

Thanks,

WalterGR

Comments

nancydru’s picture

Some of these questions interest me too. But I have a few answers.

Security -
Cron.php is executed outside the site by the Cron job. I just tried executing it and the screen went blank - that should be pretty scary. There are modules that implement a log in timeout; unfortunately, I don't know what they are.

Misc -
The Drupal Cookbook is NOT a definitive treatise. It is only to help people get up to speed a bit quicker. No, taxonomies are not the only way to organize by date. It's useful in that particular case because articles can be submitted at any time (even months ahead), but are to be published once a month.
All nodes have a created and changed date (timestamp) associated with them and most queries use one or both of those fields to organize the results. Comments also have created and updated dates that can be used to change the order of their associated nodes. Event nodes have dates and times associated with the events and are generally presented in a calendar format, but could be listed based on the event dates. The Content Construction Kit (CCK) can add more date fields and you can do whatever you want with them. So there are about as many ways to organize things by date as there are things to be organized.

Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database

waltergr’s picture

Thanks for your speedy reply, Nancy.

> The Drupal Cookbook is NOT a definitive treatise. It is only to help people get up to speed a bit quicker.

But are the handbooks the definitive documentation? They seem more like a collection of verbal lore about Drupal.

> Cron.php is executed outside the site by the Cron job. I just tried executing it and the screen went blank - that should be pretty scary.

Yes, it could be scary for random users, but if a malicious person wants to DoS a Drupal site, I can't imagine anything better than hammering cron.php. It would use up a ton of resources. I can think of 2 solutions:

  1. Security through obscurity - rename cron.php to some hard-to-guess name. What would this break? Would this break the "run cron manually" link in Administer >> Logs >> Status report?
  2. Restrict access to specific IPs using .htaccess. One could restrict it to localhost, so that cron jobs scheduled on the server would continue to run.

I find it... surprising... that this isn't discussed in the handbook.

Looking on Amazon, the only book with decent reviews is Pro Drupal Development, which I just purchased. It's basically about how to extend Drupal with modules, themes, etc. It talks about the "guts" of Drupal and how to extend them... What bridges the gap between the Handbooks and books such as this?

Thanks,

Walter

vm’s picture

The theme developers guide in the handbook yes, definitive
the module developers guide in the handbook yes, definitive

api.drupal.org which lists all the apis with the code, yes definitive

before you treat Drupal's cron.php as needing security you should read the code, and the code documentation. Also you can hammer any page of a "dynamic" site to DoS attack, when you find it happening to your site, block the IP. cron.php doesn't do much without the admin's settings in the admin UI. 1000's of sites use drupal, some of them very big sites, who have no problems with cron, causing any DoS attacks. If nothing is staged to run in the admin UI, then basically cron doesn't do anything.
Yes your internal links to cron.php would break and you would likely get error messages in your watchdog DB table related to not being able to find cron.php.

session lifetimes can be set in settings.php, again, reading the actual code, and the comments (drupal code is commented nicely) in the code.

I don't believe there are any gaps between the information found in the handbooks and the pro drupal dev book. There are plenty of drupal sites on the net that offer their tips & tricks as well. lullabot.com, drupal-dojo.com, groups.drupal.org, angrydonuts.com nicklewis.com 11heavens.com, nancy's sites, michelle has a few sites as well with tutorial type information. Robert Douglass's Book was a good read for those just starting out with Drupal as well, Building Communities.
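
The advice above (notice the hammering, then block the IP) depends on spotting the requests first. The following is an added example, not part of the original thread or of Drupal: it counts cron.php requests per client in an Apache combined-format access log and ignores trusted addresses. The log lines, the trusted list and the threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
127.0.0.1 - - [12/Mar/2008:03:00:01 +0000] "GET /cron.php HTTP/1.0" 200 - "-" "Wget/1.10"
203.0.113.9 - - [12/Mar/2008:03:00:05 +0000] "GET /cron.php HTTP/1.1" 200 - "-" "-"
203.0.113.9 - - [12/Mar/2008:03:00:06 +0000] "GET /cron.php HTTP/1.1" 200 - "-" "-"
203.0.113.9 - - [12/Mar/2008:03:00:06 +0000] "GET /cron.php?x=1 HTTP/1.1" 200 - "-" "-"
203.0.113.9 - - [12/Mar/2008:03:00:07 +0000] "GET /node/1 HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [12/Mar/2008:03:10:00 +0000] "GET /cron.php HTTP/1.1" 200 - "-" "-"
127.0.0.1 - - [12/Mar/2008:04:00:01 +0000] "GET /cron.php HTTP/1.0" 200 - "-" "Wget/1.10"
"""

# Captures: client, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

# Assumption: the scheduled cron job calls cron.php from the server itself.
TRUSTED = ("127.0.0.0/8", "::1/128")


def is_trusted(client, trusted=TRUSTED):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # a logged hostname is treated as untrusted
    return any(addr in ipaddress.ip_network(net) for net in trusted)


def cron_hits_by_client(log_text, trusted=TRUSTED):
    """Count cron.php requests per client that is not on the trusted list."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, _status = m.groups()
        if target.split("?", 1)[0] == "/cron.php" and not is_trusted(client, trusted):
            hits[client] += 1
    return dict(hits)


def clients_to_review(log_text, threshold=3):
    """Clients with at least `threshold` cron.php requests, for the admin to review."""
    return sorted(c for c, n in cron_hits_by_client(log_text).items() if n >= threshold)


if __name__ == "__main__":
    print(cron_hits_by_client(SAMPLE_LOG))
    print(clients_to_review(SAMPLE_LOG))
```
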

waltergr’s picture

> before you treat Drupal's cron.php as needing security you should read the code, and the code documentation.

later...

> session lifetimes can be set in settings.php, again, reading the actual code, and the comments (drupal code is commented nicely) in the code.

The Documentation in the API reference, e.g. http://api.drupal.org/api/5/file/cron.php and http://api.drupal.org/api/5/file/sites/default/settings.php offers no details. The "view source" tab for both returns "Page not found."

> I don't believe there are any gaps between the information found in the handbooks and the pro drupal dev book.

If the only answer is to read the code, there must be a gap. For example, where do I find the answers to my other questions, regarding InnoDB vs. MyISAM, "number of joins without an index" not being zero, which pages return 404, and organizing content by date?

Thanks,

Walter

vm’s picture

kind sir, open settings.php scroll down to session lifetime and set it. there are "comments" in the code itself.

innodb = http://drupal.org/search/node/Innodb quite a few threads there regarding innodb. (search may be the 1 thing that bridges the gap : )

which pages return a 404 ? , any and all pages that there is a "page not found error" .... this is not specific to drupal, this is specific to page not found errors as a 403 is specific to an access denied error, and a 500 is specific to an internal server error

organizing content by date: you can use a view from the views.module , depending on your needs. views module documentation and tutorials are found in the handbook under, contrib modules.

with regards to:

> Select_full_join - 3065 - The number of joins without an index; should be zero.
> Select_range_check - 25012 - The number of joins without an index; should be zero.
> Sort_scan - 98962 - The number of sorts done without using an index; should be zero.

you haven't offered any information on your server OS, MySQL version or PHP version to help diagnose an error of this nature.

nancydru’s picture

Open Source software is "written" by many people, most of whom don't like to document. That's one of the few drawbacks to open source. However, with a forum site like this one, it's not a major problem. If you can't find it, ask. Almost always you'll get answered pretty fast. And there are many people here who are far smarter and more knowledgeable than I. Verymisunderstood is one of those. (But I think he's stalking me - he answers most of the same things I do. Hmm)

Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database

vm’s picture

and many more of the ones you don't chime in on : P

waltergr’s picture

> Open Source software is "written" by many people, most of whom don't like to document.

I guess what it comes down to is that I have to make a decision today or tomorrow about whether I'm going to continue with Drupal or not.

If

  • the handbooks are, in fact, the only source of documentation
  • viewing the source code is the only source of definitive documentation
    • (aside from the module and theme writers guides, which Verymisunderstood mentioned previously)
    • one has to view the source code in a text editor, because
      • the "view source" tab on api.drupal.org returns "Page not found" for every file
      • the "view documentation" tab shows incomplete documentation. (For example, http://api.drupal.org/api/5/file/sites/default/settings.php has incomplete Doxygen docs. Compare those docs to what you see when you open settings.php in a text editor)

Then that answers my questions.

Thanks,

Walter

vm’s picture

odd, doesn't really make a difference to me where i read the documentation. I don't use a plain text editor, so comments in the code are highlighted for me, maybe this is why I don't see reading the source code's "comments" a problem.

/**
 * PHP settings:
 *
 * To see what PHP settings are possible, including whether they can
 * be set at runtime (ie., when ini_set() occurs), read the PHP
 * documentation at http://www.php.net/manual/en/ini.php#ini.list
 * and take a look at the .htaccess file to see which non-runtime
 * settings are used there. Settings defined here should not be
 * duplicated there so as to avoid conflict issues.
 */
ini_set('arg_separator.output',     '&');
ini_set('magic_quotes_runtime',     0);
ini_set('magic_quotes_sybase',      0);
ini_set('session.cache_expire',     200000);
ini_set('session.cache_limiter',    'none');
ini_set('session.cookie_lifetime',  2000000);
ini_set('session.gc_maxlifetime',   200000);
ini_set('session.save_handler',     'user');
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid',    0);
ini_set('url_rewriter.tags',        '');

lastly:

> one has to view the source code in a text editor, because
> the "view source" tab on api.drupal.org returns "Page not found" for every file
> the "view documentation" tab shows incomplete documentation. (For example, http://api.drupal.org/api/5/file/sites/default/settings.php has incomplete Doxygen docs. Compare those docs to what you see when you open settings.php in a text editor)

compare what you've seen for those two pages, cron and settings with the documentation found in "functions", granted the source code doesn't come up under the source code tab, source files can be seen in CVS as well. not sure why the two aren't connected, they used to be. could just be a server situation at the moment, or a bug that no one has reported.
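
The settings.php excerpt in the comment above sets session.cookie_lifetime to 2000000 seconds (about 23 days) and session.gc_maxlifetime to 200000 seconds (about 2.3 days). The following is an added example, not part of the original thread or of Drupal: it reads the ini_set() lines of a settings.php and lists session lifetimes above a limit. The limits in LIMITS are assumptions chosen for illustration.

```python
import re

# Session lines from the settings.php excerpt quoted in the thread.
SETTINGS_EXCERPT = """\
ini_set('session.cache_limiter',    'none');
ini_set('session.cookie_lifetime',  2000000);
ini_set('session.gc_maxlifetime',   200000);
ini_set('session.save_handler',     'user');
"""

# Assumed policy for this example, in seconds; pick values that suit the site.
LIMITS = {
    "session.cookie_lifetime": 86400,  # browser keeps the cookie at most 1 day
    "session.gc_maxlifetime": 3600,    # idle session data may be cleaned up after 1 hour
}

INI_SET_RE = re.compile(r"""ini_set\(\s*['"]([\w.]+)['"]\s*,\s*['"]?(\d+)['"]?\s*\)""")


def parse_int_settings(php_text):
    """Return {directive: int} for ini_set() calls with integer values.

    Commented-out lines are ignored; a later call overrides an earlier one.
    """
    values = {}
    for line in php_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("#", "//", "*", "/*")):
            continue
        for name, value in INI_SET_RE.findall(stripped):
            values[name] = int(value)
    return values


def over_limit(php_text, limits=LIMITS):
    """List (directive, seconds, days) for each lifetime above its limit."""
    values = parse_int_settings(php_text)
    findings = []
    for name, limit in limits.items():
        seconds = values.get(name)
        if seconds is not None and seconds > limit:
            findings.append((name, seconds, round(seconds / 86400, 1)))
    return findings


if __name__ == "__main__":
    for name, seconds, days in over_limit(SETTINGS_EXCERPT):
        print(f"{name} = {seconds} s (about {days} days)")
```
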