I'm running a private Drupal site, and I'm wondering if you guys could give me some advice on security. I'm going to use htaccess passwording and stuff, but I'm not sure if that is enough?

Any recomendations?

Comments

blud’s picture

Anyone running a private drupal site and doing anything interesting in terms of security? Or do you all just use it the way it is out of the box?

alliax’s picture

I first try to use it out of the box, I count on Drupal's team to care for security, I hope their system is secure enough for normal operation, what kind of security are you thinking of ?

You can exclude unregistered visitors from viewing content and have moderated user subscription so you can keep private.

transwarptim’s picture

This isn't a Nuke clone :-) You can safely run it as is unless you want to use the seciryty and spam modules and restrict anonymous access to certain content.

Tim

blud’s picture

Yes I want to restrict annonymous access to ALL content. Are the security and spam modules you're talking about contained in the drupal release, or are they extra addon modules?

sepeck’s picture

I suspect that the 'secutiry' module being refered to is users permissions settings that is controlled by roles.

The spam module is an add on. Drupal is a base framework that you activite/deactivate modules in core and supplement with contributred modules to customize as to your needs. Modules will work with Drupal version (Drupal 4.5.x series, uses 4.5 branch modules) and can be found here http://drupal.org/project/releases

-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide

blud’s picture

There does not seem to be any as-is way in drupal to prevent anonymous users from viewing the table of contents of my book. My solution is here: http://drupal.org/node/16402 but it's not a proper solution because my users now have control over whether they see my book's table of contents.