Advertising sustains the DA. Ads are hidden for members. Join today
Develop
- Local server setup
- Development tools
- Using Composer
- Git version control system
- Managing a drupal.org theme, module, or distribution project
- Security
- Drupal project issues
- Usability testing
- Profiling Drupal
- [Obsolete] Coding standards
- User interface standards
- Theming Drupal
- Creating custom modules
- Drupal APIs
- Automated Testing
- Upgrading and converting Drupal 7 modules
- Core modules and themes
- External Libraries in Core
- Mobile guide
- Decoupled Drupal
Security
Following best practices helps avoid security issues.
Handle user input with care
Input, whether it comes from visitors or servers, should be handled with care.
Why does Drupal filter on output?
Some web applications process/filter the user input in the name of security before storing it in the database. Historically, Drupal has
HMAC best practices
Best practices for messages signed with an HMAC
Information disclosure in error messages not a weakness (Path disclosure, SQL error messages, etc.)
Drupal core provides a feature to show error messages to site visitors. By default this feature is enabled which is very helpful while
Your Drupal site got hacked. Now what?
This information is useful should your Drupal site get compromised. Please report any details to the security team at security@drupal.org.