Handle user input with care
Input, whether it comes from visitors or servers, should be handled with care.
Why does Drupal filter on output?
Some web applications process/filter the user input in the name of security before storing it in the database. Historically, Drupal has
HMAC best practices
Best practices for messages signed with an HMAC
Information disclosure in error messages not a weakness (Path disclosure, SQL error messages, etc.)
Drupal core provides a feature to show error messages to site visitors. By default, this feature is enabled, which is very helpful while
Your Drupal site got hacked. Now what?
This information is useful should your Drupal site get compromised. Please report any details to the security team at security@drupal.org.