[documentation] security pages in handbook

Michelle Cox mcox at charter.net
Sun Oct 14 17:40:45 UTC 2007


CCing this directly to you because my stupid ISP doesn't let me post to the 
lists half the time.

I think this is a great idea, especially if you can make it understandable 
to people like me who don't have a clue about security. I was wondering if 
you're including theming under coding? I didn't see it listed separately. 
One thing that confuses me is when I need to do the sanitizing myself. Since 
Drupal sanitizes on output, this is important in theming. It seems like 
sometimes it's taken care of and sometimes not.

To be honest, I haven't read the existing docs. Since the title sounded like 
it's about coding, I didn't relate it to theming. I'm going to look at them, 
now, and see if my question is already answered.

Michelle


On 10/14/2007 9:47:26 AM, Greg Knaddison (greg at pingvox.com) wrote:
> Hello Folks,
>
> I'm writing to get some feedback about the current security pages in
> the handbook and ideas for how to improve them.  James Walker and I
> have a two phase plan for "security education": step 1 is to make
> these documents even easier to read and "better".  Step 2 will be
> raising awareness about them and teaching based on these documents.  I
> want to talk about step 1 here.
>
> ++Audience:
> So far we've identified 3 groups of people we want to target with these pages:
>
> 1) Drupal "site admins" who need to know how to configure their sites,
> how to get notifications about security updates, and what to do if
> they think they have been a victim of a security attack.
>
> 2) Drupal coders - people who write modules and need to know how to do
> this safely.
>
> 3) Evaluators / Managers who are less technical and need justification
> that yes, Drupal cares about this and yes, they should too in
> prioritizing their budgets and project plans.
>
> ++Current hierarchy:
> 1) http://drupal.org/security-team which contains information about
> the team and the processes/procedures for security stuff within the
> Drupal project
> 2) http://drupal.org/writing-secure-code 


