[documentation] security pages in handbook
Greg Knaddison - GVS
Greg at GrowingVentureSolutions.com
Sun Oct 14 20:54:13 UTC 2007
Thanks for thinking about this and providing your ideas. I think a
lot of this makes sense.
On 10/14/07, Laura Scott <laura at pingv.com> wrote:
> 4. Secure Drupal development: Writing secure code. (An entire section
> for developers. Include all appropriate sub-topics.)
>
> [Then moving on to resources, but keeping the items top-level so they
> are visible and easy to find and get to....]
I'd like to get into this section more. The current system is
organized like this:
# Writing secure code
* Input, the root of all evil
* Database access
* File uploads, downloads and management
* Handle text in a secure fashion
* JavaScript
* Session IDs
* When to use db_rewrite_sql
One other proposal has been to organize it more like this:
# Writing secure code
* Database Access
  * Avoiding SQL Injection
  * Avoiding Access Escalation
* Presentation
  * Avoiding XSS
* Forms
  * Avoiding CSRF
Given that CSRF, XSS, and SQL Injection are the most popular
> Is this helpful?
Quite! Thanks to you and Michelle for your fast turnaround and useful
responses!
Greg
--
Greg Knaddison
Denver, CO | http://knaddison.com
World Spanish Tour | http://wanderlusting.org/user/greg