Community Documentation

How do I know what a security issue or risk is?

Last updated January 30, 2013. Created by coltrane on May 21, 2012.
Edited by johntelford. Log in to edit this page.

Before understanding security risks on the web, it may help to first think about what makes a secure site.

From Cracking Drupal chapter 1, the Drupal security book by Greg Knaddison:

A site is secure if private data is kept private, the site cannot be forced offline or into a degraded mode by a remote visitor, the site resources are used only for their intended purposes, and the site content can be edited only by appropriate users.

A security issue allows someone to

  • Abuse resources in ways they aren't suppose to
  • Steal data from the site
  • Alter data on the site
Login or register to post comments

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

About this page

Drupal version
Drupal 6.x, Drupal 7.x

Administration & Security Guide

Drupal’s online documentation is © 2000-2013 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution-ShareAlike 2.0. PHP code is distributed under the GNU General Public License. Comments on documentation pages are used to improve content and then deleted.
nobody click here