Secure coding

Events happening in the community are now at Drupal community events on www.drupal.org.
You are viewing a wiki page. You are welcome to join the group and then edit it. Be bold!
Posted by kulcsi on November 27, 2011 at 10:52am
Last updated by greggles on Mon, 2011年11月28日 02:04

This page relates to the Skill sets described in the open curriculum project, and tries to describe one of the skill sets. See this page as a collaborative notebook, and feel free to edit and improve it.

Someone with Writing secure code skills:

  • knows how to handle user input securely (using check_plain() and t(), using filter_xss(), using filter_xss_admin(), ...)
  • knows how to handle URLs securely
  • is able to make queries secure against SQL Injection by using the database API: e.g. db_query(), adding the node_access tag
  • knows how to use the node_access system to keep private nodes private with
  • knows how to handle permissions, menu access arguments, menu access callbacks, and drupal_is_denied in page callbacks
  • knows how to prevent Cross-Site Request Forgeries (CSRF)
  • knows how to handle files securely
  • knows how to encode mail headers
  • knows how use SSL Support
  • knows to handle Form API Security
  • knows when/how to add account protections (e.g. password complexity requirements, password policy requirements)
  • knows how to handle AJAX Security (Request Replay Attack)

Curriculum and Training

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /