Re: [libreoffice-website] Website and wiki design

The cracking Drupal book is about how to write secure code and secure your
website.  I actually think having a book that identifies security issues and
resolutions is good.  Every piece of software has security issues and many
have books or at least chapters on securing them.  I think your claim that
Drupal is insecure because someone wrote a book on how to secure it is
basically short sighted.  You probably did a Google search, came up with
this book and now you post it.  There are literally hundreds of thousands of
Drupal websites, some of the largest sites on the Internet are made with
Drupal.  THe ubuntu website is Drupal and so are many other open source
project websites.  If there were serious security exploits in Drupal that
were exploited all the time these sites would be defaced all the time and
they are not.

I went to codeloom.net and whats up with that?  I did a search on that and
that website looks like it was written by a child that doesn't know how to
put even a menu or a link on the site.   You literally just have an image
linked to an email.  Now, based on this I would assume that you really know
nothing about making a web page let alone a website.  This may be a false
assumption, but based on a first impression that is what I see.

I also see that your using apache for a webserver.

https://www.feistyduck.com/books/apache-security/

So, you know.... There is a book about securing apache, so I guess thats
insecure too based on the logic that if there is a book on security for a
piece of software, it must be insecure.



On Fri, Oct 15, 2010 at 5:21 PM, James Benstead <jim@codeloom.net> wrote:

> This from Greg Knaddison, who literally wrote the book on Drupal security (
> http://crackingdrupal.com/).
>
> Hi Jim,
> > > Thanks for including me in the conversation. That's very exciting that
> > > LibreOffice is thinking of using Drupal. Back in 2006 I helped add the
> > > Open Document formats to the set of defaults that Drupal allows:
> > > http://drupal.org/node/101714 :)
> > >
> > > This past spring my colleague Ben and I wrote a report about the state
> of
> > > Drupal's security: http://drupalsecurityreport.org
> > >
> > > That should help start orienting the LibreOffice folks to the situation
> > > with security and Drupal.
> > >
> > > If you want to discuss more,
> > > http://groups.drupal.org/best-practices-drupal-security is a great
> place,
> > > or I could potentially answer some questions (though I prefer my "work"
> > > mail: greg@growingventuresolutions.com )
> > >
> > > Cheers,
> > > Greg
>
> On Thu, Oct 14, 2010 at 4:52 AM, David Nelson <commerce@traduction.biz
> > wrote:
>
> > Hi, :-)
> >
> > Slightly OT question: since the White House adopted it, does anyone
> > know whether there have been any major security hardening benefits for
> > Drupal?
> >
> > David Nelson
> >
> > --
> > To unsubscribe, e-mail to website+help@libreoffice.org<website%2Bhelp@libreoffice.org>
> <website%2Bhelp@libreoffice.org <website%252Bhelp@libreoffice.org>>
> > List archives are available at http://www.libreoffice.org/lists/website/
> > All messages you send to this list will be publicly archived and cannot
> be
> > deleted.
>
> --
> E-mail to website+help@libreoffice.org <website%2Bhelp@libreoffice.org>for instructions on how to 
> unsubscribe
> List archives are available at http://www.libreoffice.org/lists/website/
> All messages you send to this list will be publicly archived and cannot be
> deleted


-- 
*Thought Farm Productions <http://www.thoughtfarmproductions.com>
thoughtfarm@thoughtfarmproductions.com*
*(201) 691-7057*

-- 
E-mail to website+help@libreoffice.org for instructions on how to unsubscribe
List archives are available at http://www.libreoffice.org/lists/website/
All messages you send to this list will be publicly archived and cannot be deleted