Community
General » General discussion

Safety

Posted by WillyN on January 28, 2013 at 5:38pm

I have a serious problem with security in Drupal.
On my Drupal site I had information / have information that should not be accessible to everyone.
There are access through use of the name assigned to a role.

But when I eg. write in the address bar:
http://www.domain.nn/?q=node/25
So can I, as anonymous, see content / node in the browser.
Is safety really not better in Drupal
Can it be true, that there is access to content simply by wrote the number of a (protected by role) node?
I'm confused.

Regards
Willy

Login or register to post comments Categories: ,

Comments

By default Drupal has simple

Posted by nevets on January 28, 2013 at 5:45pm

By default Drupal has simple role based view permissions. For more control you can use a module like Content Access

Yes it is true. But no matter

Posted by WillyN on January 28, 2013 at 5:57pm

Yes it is true.
But no matter how simple it is, it should probably prevent anonymous in access to nodes that are protected by roles. Everyone else can access the content on a site without logging on.
There must be an error in safety or I'm doing something wrong.
But I can not see what I'm doing wrong.
/willy

If you do not want anonymous

Posted by nevets on January 28, 2013 at 6:01pm

If you do not want anonymous users to be able to view any content visit People >> Permissions (tab)

Under "Node" there is a "View published content", disable (uncheck) this permission for anonymous users.

It appears to be the

Posted by WillyN on January 28, 2013 at 6:16pm

It appears to be the solution.
I had put a checkmark in the 'view content' for anonymous user!
(I've seen for it several times but must have missed it).

But after I created several roles / users I get now this message:
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried two Allocate 3798690 bytes) in / var/www/domain/user1/modules/user/user.admin.inc on line 787
If you have a suggestion for how to fix it (or a link) I would be grateful.

In any case, I thank you for your reply.
It was quick help.
/willy

=-=

Posted by VM on January 28, 2013 at 6:33pm

new questions deserve new threads.

your install is running out of memory. why exactly can't say without knowing how many roles you created, how many modules are installed and so on.

I wonder if this may

Posted by AlienBZ on January 31, 2013 at 3:01am

I wonder if this may help?

Here goes - have been reading a bit in my Drupal book by Emma J. Hogbin, and the first thing it talks about is "minimum server requirements' and underneath this it says PHP memory allocation on your server should be at least 64 MB, but I'm thinking you might have to allocate more RAM, like say, 256 MB, or higher,

and on page 146 - 47 of the same book, it says under "forum access" it tells how to make a forum private.

this is just my MHO.

btw, I'm in school training to be a tech, having just started an information security class this semester.

Someone told me that Drupal

Posted by WillyN on February 8, 2013 at 8:25am

Someone told me that Drupal was easy to use;)
Thank you. I look at this.
Willy