Security

Following best practices helps avoid security issues.

Handle user input with care

Input, whether it comes from visitors or servers, should be handled with care.

Why does Drupal filter on output?

Some web applications process/filter the user input in the name of security before storing it in the database. Historically, Drupal has

HMAC best practices

Best practices for messages signed with an HMAC

Information disclosure in error messages not a weakness (Path disclosure, SQL error messages, etc.)

Drupal core provides a feature to show error messages to site visitors. By default, this feature is enabled, which is very helpful while

Your Drupal site got hacked. Now what?

This information is useful should your Drupal site get compromised. Please report any details to the security team at security@drupal.org.

Guide maintainers

drumm