Chapter 10. Un-Cracking Drupal

After learning to crack Drupal, you get a chapter devoted to taking a module full of weaknesses and fixing it.

Throughout this book you've frequently been directed to the Vulnerable module. Chapter 1 in particular showed several of the weaknesses in the module, but you haven't seen all of them, and you haven't seen the proper way to write the code in that module. This chapter shows how to eliminate many of the vulnerabilities in that module and how to reduce the risk of abuse for the features that are inherently risk-prone.

First, let's review the working definition of a secure site. A site is secure if:

  • Private data is kept private.

  • The site cannot be forced offline or into a degraded mode by a remote visitor.

  • The site resources are used only for their intended purpose.

  • The site content can be edited only by appropriate users.

With that, and knowledge of secure coding practices, in mind, you may want to put down the book and try to fix the module yourself. Then you can compare your version to the version presented here.

From Cracking Drupal®: A Drop in the Bucket.