[documentation] security pages in handbook

Greg Knaddison - GVS Greg at GrowingVentureSolutions.com
Sun Oct 14 20:54:13 UTC 2007


Thanks for thinking about this and providing your ideas.  I think a
lot of this makes sense.

On 10/14/07, Laura Scott <laura at pingv.com> wrote:
> 4. Secure Drupal development: Writing secure code. (An entire section
> for developers. Include all appropriate sub-topics.)
>
> [Then moving on to resources, but keeping the items top-level so they
> are visible and easy to find and get to....]

I'd like to get into this section more.  The current system is
organized like this:
# Writing secure code
    * Input, the root of all evil
    * Database access
    * File uploads, downloads and management
    * Handle text in a secure fashion
    * JavaScript
    * Session IDs
    * When to use db_rewrite_sql

One other proposal has been to organize it more like this:

# Writing secure code
  * Database Access
    * Avoiding SQL Injection
    * Avoiding Access Escalation
  * Presentation
    * Avoiding XSS
  * Forms
    * Avoiding CSRF

Given that CSRF, XSS, and SQL Injection are the most popular

> Is this helpful?

Quite!  Thanks to you and Michelle for your fast turnaround and useful
responses!

Greg

-- 
Greg Knaddison
Denver, CO | http://knaddison.com
World Spanish Tour | http://wanderlusting.org/user/greg

