
Reviewing security and permissions

From: Drupal 7 Essential Training

Video: Reviewing security and permissions

Drupal has a good reputation for security and it deserves it. Now, every piece of complex software has security issues, but the thing about Drupal is that it has an especially large and well-organized team to respond quickly when new problems appear. And it has well-established systems to help people like you and me fix them. This video reviews what those systems are and gives you additional tips to ensure that your site is safe. Now I mentioned that security team. Their home on the web is at drupal.org/security-team.

The advisories that they release are at drupal.org/security. Notice that this is for Drupal Core. If you want to keep track of any security advisories for contributed projects, that is modules or themes, just click there and then Public service announcements is for less critical matters. You could come back to the web site to read these or if you would prefer to receive them in an RSS feed, each one of these pages has that available. And of course, you would subscribe to that in your mail program or any other way that you watch RSS feeds.

But let's say that you're not subscribed to that feed or you forget to read it. You will still find out about security issues in a couple of ways. One way that you'll be notified is by e-mail and you'll notice that when you first install your site. Now here I am on the last screen before finishing, where I put in the site name and username and so forth. At the bottom of that page we have this e-mail notifications check box. If you leave this box checked, and it is checked by default, you'll receive an e-mail message whenever there's an important security announcement about Drupal.

That message by the way will be sent to the super user's address. So make sure that you enter that correctly when you set up your site. The other way that you'll automatically find out about security issues is in your site itself. So let's go back to our site. Now, I've installed an older version of a certain module. And so Drupal has to tell me, hey, wait a second, the newer version is out. I will notice that when I start going to administrative pages, like when I click Modules and here it is. I see the warning saying, hey, there's a newer version. And then I click Available updates as it suggests and I can update that module if I like.

To learn how to do that and how to update Drupal itself, see the video "Updating Drupal." Okay. So your site is running the latest versions of Drupal and the contributed modules and themes. Let's talk about a few things you can do to avoid other kinds of security holes. The first one is to restrict registration. The control for that is under Configuration and Account Settings. As we scroll down, we see that you have a setting that allows only you to give people accounts or that requires your approval when someone applies for one.

We discussed these settings in the video on creating user accounts. Next, check users' roles and permissions from time to time to see if anybody has tried to get in who shouldn't. So let's go up to People and just look down our list. Ah, you see that name? That doesn't look right to me, so I might want to take a look and see what the e-mail address is or any other notices. Yeah, that looks obviously fake to me. So what I might do is I might send a note to that person saying, "Hey, I see you joined my site, could you tell me a bit about yourself" and see if I get anything back.

And if not, I might decide to delete it or not. It's up to you. Along with individual users of course, you should take another look and make sure that everybody has the role that you really want them to have and that each of those roles has the permissions you want them to have. Now, the thing about restricting registration is that it can turn people off from your site. So I would like to suggest a module that can be set up automatically to increase access when people prove themselves trustworthy. It's called User Points and you'll find it at drupal.org/project/userpoints.

It's a little complicated to set up and decide how to promote people from role to role, but once you have it set up, it's really valuable. But let's get back to one more way to make your site more secure. The last one is to avoid the full HTML and PHP text formats. I demonstrated their dangers in an earlier video on using text formats to prevent damaging content. In short, anyone who can create content that has those text formats can inject unwanted content that's beyond your control and might even be able to take over your site completely.

We can see that by going to Add content and let's just say Article. This is the point of danger. If they can enter PHP code or full HTML, then you might be in trouble and the way to fix that is under Configuration > Text formats. Each one of these can be restricted by role, as you see here. That's a fairly brief overview of ways to stay on top of your site's security but there's a lot more to learn. And if you want to learn more, I recommend a book called Cracking Drupal. It's by Greg Knaddison, one of Drupal's key security personnel, and it goes into far more than I could ever hope to cover here.
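The role and text-format review described above can also be done as a database audit. The following is an added example, not part of the video or the course files: it assumes the Drupal 7 core tables `role`, `role_permission`, `users` and `users_roles` and the format machine names `full_html` and `php_code`, and it runs against constructed sample rows in an in-memory SQLite database.

```python
import sqlite3

# Permissions that grant the two text formats the video says to avoid.
RISKY = ("use text format full_html", "use text format php_code")
# Roles 1 and 2 apply implicitly and have no rows in users_roles.
IMPLICIT = {1: "every visitor", 2: "every logged-in account"}

def audit_risky_formats(conn):
    """Return (role, permission, holders) for each risky grant."""
    findings = []
    grants = conn.execute(
        "SELECT r.rid, r.name, rp.permission FROM role_permission rp "
        "JOIN role r ON r.rid = rp.rid WHERE rp.permission IN (?, ?) "
        "ORDER BY r.rid, rp.permission", RISKY).fetchall()
    for rid, role, perm in grants:
        if rid in IMPLICIT:
            holders = [IMPLICIT[rid]]
        else:  # only active (status = 1) accounts can use the grant
            holders = [n for (n,) in conn.execute(
                "SELECT u.name FROM users_roles ur JOIN users u ON u.uid = ur.uid "
                "WHERE ur.rid = ? AND u.status = 1 ORDER BY u.name", (rid,))]
        findings.append((role, perm, holders))
    return findings

def sample_db():
    """Constructed sample data shaped like the assumed Drupal 7 tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
      CREATE TABLE role (rid INTEGER PRIMARY KEY, name TEXT);
      CREATE TABLE role_permission (rid INTEGER, permission TEXT, module TEXT);
      CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, status INTEGER);
      CREATE TABLE users_roles (uid INTEGER, rid INTEGER);
      INSERT INTO role VALUES (1,'anonymous user'),(2,'authenticated user'),
                              (3,'administrator'),(4,'editor');
      INSERT INTO role_permission VALUES
        (2,'use text format filtered_html','filter'),
        (2,'use text format full_html','filter'),
        (3,'use text format php_code','filter'),
        (4,'use text format full_html','filter');
      INSERT INTO users VALUES (1,'admin',1),(5,'alice',1),(6,'xx_fake_99',0);
      INSERT INTO users_roles VALUES (1,3),(5,4),(6,4);
    """)
    return conn

if __name__ == "__main__":
    for role, perm, holders in audit_risky_formats(sample_db()):
        print(f"{role:20} {perm:30} {', '.join(holders) or '(no active users)'}")
```

A grant on the authenticated user role is the finding to act on first, since it covers every account that registers.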

This video is part of

Drupal 7 Essential Training

83 video lessons · 47540 viewers

Tom Geller
Author

 
