Drupal receives security updates several times a year, and we always apply them as soon as possible. Since Drupal security issues can make the headlines, it's important that site owners know that their site is secure and up to date - it provides for peace of mind and for pride in an excellent site.
We decided this year to ensure that clients know about security updates to Drupal Core on their site. Via a quick email, we plan to let site owners know not only that an update has happened, but what was affected and how it worked. Keeping site owners...
Last night saw the popular EU Cookie Compliance module fall from grace, as the Drupal community discovered that numerous inputs in the admin form were not being sanitised.
To me, this shows some serious failings in how our community is handling security awareness. Let's do some fixing :)
1) We need to make this OBVIOUS, with clear examples
One of the most important things when trying to get people to write secure code is making them aware of the issues. We need Drupalers of all levels of experience to know and understand the risks posed by unsanitised input, where they...
Drupal empowers site builders and editors to configure their sites in settings forms. Configuration management lets developers push changes up to live sites to be imported. But developers have to be considerate to ensure imports will not wipe out those changes made directly through the live sites' settings forms. At the least, they have to export the changes before making further tweaks. But admins may make further changes in the meantime too, so developers can end up frequently pulling irrelevant changes back from live, which seems unnecessary.
Here's some examples of the kind of config that I'm thinking of:
ABJS is a contrib Drupal module, and, without any requirements or ties to paid services, is as low cost as you can get. As we’ll see, it’s pretty basic but it really lets you get down to building your own understanding of how A/B testing works. The beauty of ABJS is in its simplicity. The settings pages are fairly self-explanatory, which is really helpful. Let’s set up a basic A/B test to show how things work.
Setting up our first experience
In our test, we’re going to split the site 50:50 in order to test an alternate homepage design. Go...