2.1. Server and Network Vulnerabilities
Drupal is written in PHP and requires a database, typically MySQL or PostgreSQL. Those are the only real certainties about the environment. Most Drupal sites rely on the popular LAMP stack: Linux, Apache, MySQL, PHP. That is far from a requirement, though. It can also run under any web server that can run PHP, including Microsoft's Internet Information Server, nginx, and lighttpd, or even under a Java servlet by using a PHP compiler that outputs Java bytecode. Similarly, there are ports of Drupal to run with Oracle's database, Microsoft's SQL Server, IBM DB2, and the open source SQLite. And, while GNU/Linux is a common operating system, just about any flavor of Unix-like operating system will work. Drupal is also known to run quite well on Windows and Mac OS X.
2.1.1. Weaknesses across the Stack
Drupal is just one piece in a large stack, and it's important to consider that stack when securing Drupal. Figure 2-1 gives you an idea of a typical Drupal installation and the way that it relies on other components.
Figure 2.1. A typical Drupal installation
In this example Drupal is installed on a typical Linux server that runs Apache and PHP and responds to requests coming in from the Internet. It connects to a separate MySQL database server running FreeBSD and also interacts with an internal server running Solaris that provides a REST API. The ...
Get Cracking Drupal®: A Drop in the Bucket now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.