Die SlideShare-Präsentation wird heruntergeladen. ×

Drupal - Melbourne cryptoparty

•

27. Okt 2012

• •

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Anzeige

Drupal

Cryptoparty, Melbourne 27th Oct
@chrischinch

Overview
‘Drupal’ is a Trademark

Released under GPL
license, as are all modules and
themes

Drupal distributions

A healt...

You’re in good company…

Why use an Open Source CMS?

Freedom

After a bit of work

Especially with Drupal

Data in
CSV, XML, RSS, JSON, KML, OP
ML, RDF, SQL, SSO, Oauth, Op
enID, Social
Logins, phpBB, Joomla, Wordp
ress, LiveJour...

Data Out…
CSV, RSS, XML, JSON, TXT, Seri
alize, Node Code

MORE

Security process
Open source

Security Team

Most vulnerabilities, “Bad
practice”

drupalsecurityreport.org

Security Features
Passwords

Private keys

Cookies / Sessions

Passwords never emailed

Cross-site forgery / Scripting

Da...

Securing
Disabling PHP Filters

Check HTML Filters

Captcha / Mollom

Status Report

Error Logs

Privacy
Basic user tracking by default

Many other initial flaws slowly
resolved

Public & private fields

Highly configur...

More?
Drupal Melbourne
www.meetup.com/drupalmel
bourne

Australia’s first ‘official’ Drupal
Con
Sydney, 6th Feb 2013

Nächste Präsentationen

Nächste SlideShare

Wird geladen in …3

×

Hier ansehen

Power your mobile app with Drupal - Melbourne Mobile, July 2013

Green Renters' Giant Green Games

A Documentation Crash Course, LinuxCon 2016

JS, CMS, untangle the mess

Tax free bonds - 2013

HP Lovecraft, laneway learning

The past, present and future of swift, Voxxed Belgrade 2016

Tax planning 2013

Drupal - Melbourne cryptoparty

27. Okt 2012

• •

Herunterladen, um offline zu lesen

A small talk ab

Technical Writer and Blogger

A small talk ab

Weitere Verwandte Inhalte

Power your mobile app with Drupal - Melbourne Mobile, July 2013

Green Renters' Giant Green Games

A Documentation Crash Course, LinuxCon 2016

JS, CMS, untangle the mess

Tax free bonds - 2013

HP Lovecraft, laneway learning

The past, present and future of swift, Voxxed Belgrade 2016

Tax planning 2013

CiviCRM and Wordpress

Customising civicrm

Drupal DevOps - Melbourne DevOps July 2013

Power your mobile app with Drupal - Melbourne Mobile, July 2013

Green Renters' Giant Green Games

A Documentation Crash Course, LinuxCon 2016

JS, CMS, untangle the mess

Tax free bonds - 2013

HP Lovecraft, laneway learning

Shibboleth Guided Tour Webinar

APLA OS Session 2008

PHP SA 2013 - The weak points in our PHP projects

Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)

Richard Bullington-McGuire

Drizzle @OpenSQL Camp

OSCON 2008: Embrace and Extend: Making Open Technologies Displace Incumbents ...

Navigating The Clouds With An Enterprise IT Strategy

Plone in Business - Richard Shea

IGT2009 The Open Cloud Computing Interface

Getting started faster with LucidWorks for Solr

Lucidworks (Archived)

Single sign on with TYPO3

Young, phillip open source nos

epicenter2010 Open Xml

Drupal: Community Plumbing for Public Libraries

Ohio Public Library Information Network (OPLIN)

Drupal: Community Plumbing for Public Libraries

Transform your Practice's Document Management and Collaboration with Dropbox ...

Institute of Singapore Chartered Accountants

Building A Platform From Open Source At Yahoo

LogChaos: Challenges and Opportunities of Security Log Standardization

Shibboleth Guided Tour Webinar

APLA OS Session 2008

PHP SA 2013 - The weak points in our PHP projects

Enabling Web Apps For DoD Security via PKI/CAC Enablement (Forge.Mil case study)

Richard Bullington-McGuire

Electron - Solving our cross platform dreams?

Automate your docs, automate yourself

Back to the future with static site generators

Building Cross Platform Apps with Electron

Android Programming without Java

Why you should come to DrupalSouth

Extend Drupal with a CRM, DrupalGov 2013

Removing Barriers in Engagement - Melbourne Geek Night, July 2013

Tweak, Test and Debug your mobile apps from Web directions code 13

Take your drupal sites offline

Blogging with drupal

Electron - Solving our cross platform dreams?

Automate your docs, automate yourself

Back to the future with static site generators

Building Cross Platform Apps with Electron

Android Programming without Java

Why you should come to DrupalSouth

The Practice of Enterprise Architecture - 2nd Edition - Book Review

dokumen.tips_hitachi-eh4500-1-rigid-frame-truck-service-repair-manual.pdf

MariorosalesMendez

Lessons Learned in Promoting OSS Contribution from Latam

All Things Open

Process for obtaining levulinic acid esters, in particular alkyl levulinates

Toscana Open Research

GPT3 API vs. Reality

Teals-blockchain.pptx

Bootstrapping an Open-Source Program Office at Blue Cross NC

All Things Open

3. Venn Diagram.pptx

R17_HSPA_data_collection_guide_of_NodeB_V1.0.docx

Abdirahman765632

First Ever Indian Rupee Pegged Stablecoin

Meteorological hazards.pptx

Russia vs Estonia_First Cyber War (2007)

Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD

Collaboration at the Speed of Tech

All Things Open

Beginning-Scala-Options-Either-Try.pdf

Zen and the Art of Organizational Open Source

All Things Open

Concept Of Cyber Security.pdf

Make Technology Work For You 5 Advantages of outsourced IT Management - Delva...

DelvalTechnologySolu

types of media.pptx

MaricelBongcayaoSina

The State of Open Source Cloud

All Things Open

Why Custom Software Developemnt Over Zero-code Development

The Practice of Enterprise Architecture - 2nd Edition - Book Review

dokumen.tips_hitachi-eh4500-1-rigid-frame-truck-service-repair-manual.pdf

MariorosalesMendez

Lessons Learned in Promoting OSS Contribution from Latam

All Things Open

Process for obtaining levulinic acid esters, in particular alkyl levulinates

Toscana Open Research

GPT3 API vs. Reality

Teals-blockchain.pptx

Drupal - Melbourne cryptoparty

1. Drupal Cryptoparty, Melbourne 27th Oct @chrischinch
2. Overview ‘Drupal’ is a Trademark Released under GPL license, as are all modules and themes Drupal distributions A healthy consultant / developer ecosystem Acquia and commercialisation
3. You’re in good company…
4. Why use an Open Source CMS? Freedom After a bit of work Especially with Drupal
5. Data in CSV, XML, RSS, JSON, KML, OP ML, RDF, SQL, SSO, Oauth, Op enID, Social Logins, phpBB, Joomla, Wordp ress, LiveJournal… And more!
6. Data Out… CSV, RSS, XML, JSON, TXT, Seri alize, Node Code MORE
7. Security process Open source Security Team Most vulnerabilities, “Bad practice” drupalsecurityreport.org
8. Security Features Passwords Private keys Cookies / Sessions Passwords never emailed Cross-site forgery / Scripting Data Sanitisation Database Abstraction Layer
9. Securing Disabling PHP Filters Check HTML Filters Captcha / Mollom Status Report Error Logs
10. Privacy Basic user tracking by default Many other initial flaws slowly resolved Public & private fields Highly configurable permissions Cookies / EU compliance
11. More? Drupal Melbourne www.meetup.com/drupalmel bourne Australia’s first ‘official’ Drupal Con Sydney, 6th Feb 2013

Hinweis der Redaktion

Demo
The Drupal trademark — i.e. the word "Drupal", whether or not in capitals — is owned and controlled by Dries Buytaert, who cooperates with the Drupal Association and local non-profit associations to foster the use of the Drupal software. You are required to apply for a license if you intend to use it your own business name, i.e. “Chris’s Drupal shop”, but generally you don’t need to apply if you’re just using the software.GPL, version 2 or later licenseMeans you are free to download, reuse, modify, and distribute any files hosted in Drupal.org'sGit repositories under the terms of either the GPL version 2 or version 3, and to run Drupal in combination with any code with any license that is compatible with either versions 2 or 3, such as the Affero General Public License (AGPL) version 3.Very few commercial themes or modules, much clearer than some other open source CMSs, though they can integrate wit commercial services.
Strange comparison I know…Very popular with government generally worldwide
Demo
Open Source is generally considered more secure though community collaboration and quicker identifying and solving of security issuesProfessional security audits of Drupal sites have generally found that the vast majority of security holes (90% or more) are present in the custom theme or modules written by that site's developers. That code did not get the same public scrutiny that all code on drupal.org receives.In addition, problems at the server level (such as using insecure protocols like FTP) are more likely to be the means of a successful attack than a vulnerability in Drupal - especially Drupal core.
Passwords stored as a 1 way hashPrivate keys for every installationSessions always destroyed, not modifiable. Unique to each installationUsernames and password always server sideForm API and input filters prevents CSFR / XSS
Local site demo
What you’ve viewed, counts etc…Deleting your own accountShow examples, permissions and fields (same screen)Core Drupal uses cookies, hard to turn off, but you can get EU compliance modules and not enable other modules such as analytics