Good security practices protect your site from hacker attacks. In this article we'll look at some methods for reducing security risks on your site.
Drupal Security Best Practices
Drupal has good security built in if used correctly. However, once you begin to configure your site you might introduce new security issues. Plan configuration so that only trusted users have permissions that involve security risks.
Welcome to Dublin, stranger. Why don't you come and warm yourself round our campfire? There. That's better.
Help yourself to stew, it's all we have, but you're welcome to share it.
It's good stew, warms all the right parts in all the right ways. The only thing we ask in return is that you share with us your secrets. You know, the secrets of your success.
Don't be shy now, I can see from the way you walk that you're a superstar project manager. Seeing that sort of thing is just a gift of mine, I guess.
In this week’s higher education notes and trends, predictive behavior technology comes to the education sector, for-profit schools see sharp declines and a closer look at how the University of Southern California is differentiating itself from other prestigious private schools by becoming a leader in recruiting minorities.
Provides a Bootstrap accordion for taxonomy vocabularies. This module is compatible only with Bootstrap 3 since significant changes were made between version 2 and 3.
Requirements
* Please see Bootstrap documentation for which version of jQuery is required.
With the advent of web services in Drupal 8 core, decoupling Drupal — namely, using Drupal as a content repository to expose data for retrieval and manipulation by other applications — has never been easier. Now, with the REST module in core, you can transform Drupal into a data service without custom code or substantial configuration. But is it a good idea? What are some of the considerations you should scrutinize when opting for a fully decoupled project?
Provides a method for hiding or displaying fields to a user, based on their role, when editing a node. This works differently from field_access, which is "opt-in". This module uses an "opt-out" model in which all fields are visible by default unless turned off for that role. All default or existing values of the field are maintained.
Earlier this year I set about creating a day of training for DrupalCamp London. It was based on a PHP Framework course I’d given, but reduced to fit into a day. We ended up focusing on Modern PHP, as that was most useful for the attendees in their transition from Drupal 7 to Drupal 8.
It was a really successful day, and I had some great feedback. I have since developed the idea into a two-day training course, which looks at some of the core concepts behind most modern PHP apps.
Over the past couple of months I have worked hard to refine the content and edit it down into a short guide. I’ve released it (thanks to Leanpub) in the form of a book. It guides the reader through a weekend-long project to construct a simple PHP web framework.
“a weekend, the fundamental unit of coding self-improvement” - Peter Shirley
In particular, it uses Symfony Components, and some other popular PHP packages, to demonstrate the core features of web frameworks, like routing, templating, controllers, and dependency injection. Projects such as Drupal, phpBB, Laravel, eZ Publish, Joomla!, Magento, Piwik, and many more are using Symfony Components as a foundation on which to build. The book uses these, and more, to build our own PHP Framework in a weekend.
Here’s the full contents:
- Getting Started
- Managing Complexity
- Dependency Injection
- Design and Layout
Drop me a line if you have any questions.
Drupal 8 content access control gone meta. DIY taxonomy access control / organic groups / domain access.
Second part in a series of how to use XHProf effectively within a VM for a Drupal website.
There are so many amazing companies in the Drupal universe contributing their time and resources to the community and project right now. They’re taking the initiative to encourage their employees to contribute code. They’re sharing what they've learned while trying to provide clients with superior digital experiences. They’re donating their time to provide educational content to the community. And they’re doing a lot of it through their own internal operations.
Some of these businesses are also members of our Supporter Programs, which fund Drupal.org’s maintenance and improvements. And for that, we can’t thank them enough.
"Supporting Partners help us make Drupal.org a better home for our community. Their financial support is directly responsible for DrupalCI, the Issue Credits system, and all the other initiatives we've undertaken as a team. Take the Drupal 8 landing page as one example. Funding from Supporting Partners let us promote the release of Drupal 8 with a level of professionalism and finesse that no Drupal release has had before. Work like that builds a stronger ecosystem for our Supporters and for the wider community." - Tim Lehnen (hestenet), Drupal Association Project Manager
In this quarter alone, with financial support from the Supporting Partners, the Drupal.org tech team has been able to:
- Launch the Alpha of their Composer façade
- Update the Git Twisted daemon, which serves as the backend for the Drupal.org Git repositories and packaging process
- Launch a new staging environment that more closely matches the production environment, optimizing the development workflow
- Improve performance of the DrupalCon Events website
- Deploy CKEditor to Drupal.org's Section, Page, and Post content types, which brings a more impressive editorial experience to Drupal.org
All of this happened while ensuring DrupalCI ran smoothly for DrupalCon New Orleans sprints, successfully launching registration for DrupalCon Dublin (get your tickets now!), and launching the DrupalCon Baltimore splash page. Needless to say, the Drupal.org team has been busy, and it wouldn’t have been possible without our Supporting Partners' financial contributions.
Check out our recent Drupal.org update for more details on exactly what the team was able to accomplish this past quarter. And to see where the team is headed next, take a look at the Drupal.org team's working roadmap.
As a testament to the relentless support these companies continue to show, here’s a list of new or renewing partners just this quarter:
- EPAM Systems
- Aten Design Group
- Phase2 Technology
- Digital Circus
- HS2 Solutions
- Cybage Software, Inc.
- The Cherry Hill Company
- Cheeky Monkey Media
- Message Agency
- Adapt A/S
- Unleashed Technologies, LLC
- Promet Source
- Digital Echidna
- ThinkShout Inc.
- Amazee Labs
- ImageX Media
- Four Kitchens
- Evolving Web
- Acro Media Inc
- Facet Interactive
- Last Call Media
- QED42 Engineering Pvt Ltd.
If you want to give back to the Project and help fund this important work, please contact our Executive Director, Megan Sanicki, for details. Your participation will be much appreciated and your company will also be able to enjoy great benefits in return!
Each day, between migrations and new projects, more and more features are becoming available for Drupal 8, the Drupal community's latest major release. In this series, the Acquia Developer Center is profiling some prominent, useful, and interesting projects--modules, themes, distros, and more--available for Drupal 8. This week: Rules.
As you may know, Drupal 6 has reached End-of-Life (EOL) which means the Drupal Security Team is no longer doing Security Advisories or working on security patches for Drupal 6 core or contrib modules - but the Drupal 6 LTS vendors are and we're one of them!
Today, there is a Moderately Critical security release for Views to fix an Access Bypass vulnerability.
An access bypass vulnerability exists in the Views module, where users without the "View content count" permission can see the number of hits collected by the Statistics module for results in the view.
This issue is mitigated by the fact that the view must be configured to show a "Content statistics" field, such as "Total views", "Views today" or "Last visit".
If you have a Drupal 6 site using the Views module, we recommend you update immediately! We have already deployed the patch for all of our Drupal 6 Long-Term Support clients. :-)
If you'd like all your Drupal 6 modules to receive security updates and have the fixes deployed the same day they're released, please check out our D6LTS plans.
Note: if you use the myDropWizard module (totally free!), you'll be alerted to these and any future security updates, and will be able to use drush to install them (even though they won't necessarily have a release on Drupal.org).
Drupal 8.1.3 and 7.44, maintenance releases which contain fixes for security vulnerabilities, are now available for download.
Upgrading your existing Drupal 8 and 7 sites is strongly recommended. There are no new features or non-security-related bug fixes in these releases. For more information about the Drupal 8.1.x release series, consult the Drupal 8 overview. More information on the Drupal 7.x release series can be found in the Drupal 7.0 release announcement.
Security vulnerabilities
Drupal 8.1.3 and 7.44 were released in response to the discovery of security vulnerabilities. Details can be found in the official security advisory:
To fix the security vulnerabilities, please upgrade to either Drupal 8.1.3 or Drupal 7.44.
We have a security announcement mailing list and a history of all security advisories, as well as an RSS feed with the most recent security advisories. We strongly advise Drupal administrators to sign up for the list.
Drupal 8 and 7 include the built-in Update Manager module, which informs you about important updates to your modules and themes.
Adding media (for most people that means adding images) in Drupal has been an issue for a long time. Adding reusable media (upload an image once, use it on any page on your website) has been even trickier.
With the advent of Drupal 8 and the sterling work done by the media team, adding reusable media (in a very user friendly manner) is now a reality. This tutorial shows you how:
Leveraging a common Drupal codebase to power multiple Drupal sites provides compelling benefits, including faster site launches, reduced maintenance overhead, and centralized security updating.
However, in order to be successful and avoid typical traps, the use of a common Drupal codebase requires some extra design care and strategy.
E-commerce sites are more and more commonly offering live chat for their visitors as a way of customer support. There is a wide selection of modules for Drupal that can add this functionality. However, most, if not all, I found rely on third party chat services. A while ago, I decided to build a native live chat module in connection with a project of mine. The module has been released as Customer chat.