[CentOS-devel] forums + portal for {lang}.centos.org sites

Tue Sep 30 16:31:02 UTC 2008
Stephane Corlosquet <scorlosquet at gmail.com>

Karanbir Singh wrote:
> Ned Slider wrote:
>   
>> We (in my day job) see the same security issues for Joomla based sites 
>> when modules are used to extend core functionality. Site 
>> developers/owners are quick to extend functionality by installing 
>> additional plugins but then don't want the responsibility of maintaining 
>> multiple packages/plugins on the server. It just adds a further layer of 
>> complexity as any plugins need to also be separately monitored (and 
>> maintained) for security updates.
>>     
Drupal 6 core has a built-in Update Status feature to keep the site
admin up to date with new releases (contributed modules and security
releases). It synchronizes with drupal.org and warns you when there are
new releases for your modules. The update path is fairly easy and
automated. using cvs to check out Drupal and its modules can save you a
lot of time.
>
> yes, and its things like this :
>
> http://drupal.org/node/313054
>
> which are quite scary.
>   

This is what happens when you don't use the Drupal API
<http://api.drupal.org/>, which saves the developers from having to
worry about common security issues like XSS, CSRF, SQL injection etc. In
that way it's very quick to evaluate the quality of a module: you just
need to check whether they make good use of the API or not...

scor,
http://drupal.org/user/52142
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20080930/fe76b20f/attachment-0007.html>