The cracking Drupal book is about how to write secure code and secure your
website. I actually think having a book that identifies security issues and
resolutions is good. Every piece of software has security issues and many
have books or at least chapters on securing them. I think your claim that
Drupal is insecure because someone wrote a book on how to secure it is
basically short sighted. You probably did a Google search, came up with
this book and now you post it. There are literally hundreds of thousands of
Drupal websites, some of the largest sites on the Internet are made with
Drupal. THe ubuntu website is Drupal and so are many other open source
project websites. If there were serious security exploits in Drupal that
were exploited all the time these sites would be defaced all the time and
they are not.
I went to codeloom.net and whats up with that? I did a search on that and
that website looks like it was written by a child that doesn't know how to
put even a menu or a link on the site. You literally just have an image
linked to an email. Now, based on this I would assume that you really know
nothing about making a web page let alone a website. This may be a false
assumption, but based on a first impression that is what I see.
I also see that your using apache for a webserver.
https://www.feistyduck.com/books/apache-security/
So, you know.... There is a book about securing apache, so I guess thats
insecure too based on the logic that if there is a book on security for a
piece of software, it must be insecure.
On Fri, Oct 15, 2010 at 5:21 PM, James Benstead <jim@codeloom.net> wrote:
This from Greg Knaddison, who literally wrote the book on Drupal security (
http://crackingdrupal.com/).
Hi Jim,
Thanks for including me in the conversation. That's very exciting that
LibreOffice is thinking of using Drupal. Back in 2006 I helped add the
Open Document formats to the set of defaults that Drupal allows:
http://drupal.org/node/101714 :)
This past spring my colleague Ben and I wrote a report about the state
of
Drupal's security: http://drupalsecurityreport.org
That should help start orienting the LibreOffice folks to the situation
with security and Drupal.
If you want to discuss more,
http://groups.drupal.org/best-practices-drupal-security is a great
place,
or I could potentially answer some questions (though I prefer my "work"
mail: greg@growingventuresolutions.com )
Cheers,
Greg
On Thu, Oct 14, 2010 at 4:52 AM, David Nelson <commerce@traduction.biz
wrote:
Hi, :-)
Slightly OT question: since the White House adopted it, does anyone
know whether there have been any major security hardening benefits for
Drupal?
David Nelson
--
To unsubscribe, e-mail to website+help@libreoffice.org<website%2Bhelp@libreoffice.org>
<website%2Bhelp@libreoffice.org <website%252Bhelp@libreoffice.org>>
List archives are available at http://www.libreoffice.org/lists/website/
All messages you send to this list will be publicly archived and cannot
be
deleted.
--
E-mail to website+help@libreoffice.org <website%2Bhelp@libreoffice.org>for instructions on how to
unsubscribe
List archives are available at http://www.libreoffice.org/lists/website/
All messages you send to this list will be publicly archived and cannot be
deleted
--
*Thought Farm Productions <http://www.thoughtfarmproductions.com>
thoughtfarm@thoughtfarmproductions.com*
*(201) 691-7057*
--
E-mail to website+help@libreoffice.org for instructions on how to unsubscribe
List archives are available at http://www.libreoffice.org/lists/website/
All messages you send to this list will be publicly archived and cannot be deleted
Context
- Re: [libreoffice-website] Website and wiki design (continued)
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.