Drupal News

Dropsolid: How we installed a Drupal security patch on 1300 sites, stress-free!

Main Drupal Feed - Wed, 04/04/2018 - 15:28
04 Apr How we installed a Drupal security patch on 1300 sites, stress-free! Nick Veenhof Drupal

Yesterday, a highly critical security issue in Drupal was released. The issue is considered critical because, as we understood it, it makes it possible to execute code as an anonymous user. This could lead to a complete hack of your site and complete exposure of your content or, worse, if your web server is badly configured, a full-scale hostile takeover of your server. (More background info available here and here.)

The issue was announced to the Drupal community a week early, so our Dropsolid team had plenty of time to anticipate and prepare. Currently, Dropsolid serves 482 unique and active projects, which contain on average three environments. To be more precise, this gave us a whopping 1316 active Drupal installations to patch. These environments are located on 65 different servers. 45 of those servers are out of our hands and are managed by other hosting companies, such as Combell or even dedicated hardware on site with the customer. At Dropsolid we prefer to host the websites within our own control, but to the Dropsolid Platform this ultimately makes no difference. For some customers we also collaborate with Acquia - these clients are taken care of by Acquia’s golden glove service.

So, back to preparing to patch all the different Drupal installations. We would be lying if we said that all Drupal installs were running on the latest and greatest, so we used Ansible and the Dropsolid Platform to gather all the necessary data and perform a so-called dry run. This was a real-world test across all our installations to verify that we could push out a patch and then deploy it as soon as we had confirmed that the patch works for all the versions that we have available on our Dropsolid Platform. For example, it verified whether the patch tool is available on the server, and it injected a text file that we then patched to make sure the flow of patching a Drupal installation would go smoothly. Obviously we detected some hiccups as we were testing, but we were left with enough time to resolve all issues in advance.
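The dry run described above, sketched as an added example (not Dropsolid's own tooling, which the article says is built on Ansible and the Dropsolid Platform): a POSIX shell pre-flight that checks for the patch tool, patches an injected canary file, and test-applies the real patch with --dry-run. The function names, exit codes and canary contents are assumptions made for this illustration.

```shell
#!/bin/sh
# Pre-flight checks for a patch rollout (illustrative; function names and
# exit codes are choices made for this example, not from the article).
#   0  ok
#   10 patch tool missing          11 docroot missing or not writable
#   12 canary patch did not apply  13 canary content wrong after patching
#   20 patch file unreadable       21 real patch does not apply cleanly

preflight_canary() {
    docroot=$1

    # Is the patch tool available on this server?
    command -v patch >/dev/null 2>&1 || return 10

    # Can the deploy user create files inside the docroot?
    { [ -d "$docroot" ] && [ -w "$docroot" ]; } || return 11
    workdir=$(mktemp -d "$docroot/.preflight.XXXXXX") || return 11

    # Inject a throwaway text file (constructed content).
    printf 'line one\nstatus: unpatched\nline three\n' > "$workdir/canary.txt"

    # Patch it with a constructed unified diff, using -p1, the strip level
    # used for git-style patches applied from the project root.
    canary_rc=0
    (cd "$workdir" && patch -p1 <<'EOF'
--- a/canary.txt
+++ b/canary.txt
@@ -1,3 +1,3 @@
 line one
-status: unpatched
+status: patched
 line three
EOF
    ) >/dev/null 2>&1 || canary_rc=12

    # Confirm the change really landed, then clean up.
    if [ "$canary_rc" -eq 0 ]; then
        grep -qx 'status: patched' "$workdir/canary.txt" || canary_rc=13
    fi
    rm -rf "$workdir"
    return "$canary_rc"
}

preflight_real_patch() {
    docroot=$1
    patchfile=$2

    # Make the path absolute, because patch runs from inside the docroot.
    case $patchfile in
        /*) ;;
        *) patchfile=$PWD/$patchfile ;;
    esac
    [ -r "$patchfile" ] || return 20

    # --dry-run reports whether every hunk applies but writes nothing;
    # -N stops patch from offering to reverse an already-applied patch.
    (cd "$docroot" && patch -p1 -N --dry-run < "$patchfile") \
        >/dev/null 2>&1 || return 21
    return 0
}

# Usage: sh preflight.sh /path/to/docroot /path/to/fix.patch
if [ "$#" -eq 2 ]; then
    preflight_canary "$1" && preflight_real_patch "$1" "$2"
    echo "preflight exit code: $?"
fi
```

Running this across every environment before the release separates "tooling or permissions are broken here" (codes 10 to 13) from "this code base needs a different patch" (code 21), which are fixed by different people.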

Throughout the evening, we had plenty of engineers on stand-by, ready to jump in should something in the automated process go wrong. The entire rollout took us about 2 hours - from the release of the patch, through verifying the patch on all the different Drupal releases, to rolling it out on all sites and, finally, relaxing with a few beers. This doesn't mean we had it easy. We had to put in a lot of hours just to make sure we could handle this load in this amount of time. That is why we are continuously building on our Dropsolid Platform.

Those who joined our hangout could bear witness to exactly how comfortable and relaxed our engineers were feeling during the rollout.

You might ask: joined our hangout? What are we on about exactly? Well, since the Drupal community was in this together, I suggested on Twitter that we all join in together and at least make it a fun time.

A few nice things that happened during this hangout:

  • Someone played live ukulele for us while we waited
  • Someone posted a fake patch and made everyone anxious, but at least it was a good test!
  • People were able to watch, in total transparency, how Dropsolid coped with this patch, and were also able to interact and talk to others in the hangout.

It made the whole evening a fun activity, as witnessed by Baddy Sonja.

Obviously this couldn’t have happened without the help of our great engineers at Dropsolid - and also because we invest a lot of our R&D time into the development of the Dropsolid Platform, so we can do the same exercise times 10 or times 100 without any extra human effort. Thanks to the Drupal security team for the good care and the warning ahead of time. It made a tremendous difference!

All our Dropsolid customers can rest assured that we have their backs, all the time!

If you are not a Dropsolid customer yet and you are interested to see how we can help you make your digital business easy, we’d be more than happy to talk. If you are running a Drupal site and need help with your updates or with your processes, we’d be glad to help out and onboard you onto our Dropsolid Platform. You can keep your server contract while benefiting from our digital governance and expertise. Are you in charge of many, many digital assets and feeling the pain? Maybe it’s time you can start doing the fun things again - just have a chat with us!

Evolving Web: Structuring Content with Drupal 8

Main Drupal Feed - Wed, 04/04/2018 - 14:11
Structuring Your Drupal Website

Drupal has always been a strong content management platform. The number one reason we use Drupal is because it so easily adapts to our clients’ content models. It enables us to easily map and structure many different types of complex content.

Let’s look at how we go about structuring that content in Drupal, and how we use terminology to define, group and link different types of content.

Content Entities

In Drupal 8, every piece of content is an entity. To structure a site, you want to define different types of entities that will store different types of content.

Let’s take a publishing website as an example. We’re going to create entities for: books, authors, editions, interviews, reviews, book collections, book categories, and so on. You can start by drawing a map of all these nouns. I like mapping out content on a whiteboard because it’s easy to erase and change your mind and it’s bigger than a piece of paper.

Relationships

Once you’ve mapped all the different types of content that will exist on your site, identify the connections between them. Simply draw arrows between the content types that are related to one another.

For example:

  • A book has an author (or multiple authors): draw an arrow from book to author

  • A book can have editions: draw an arrow from book to edition

  • A book can have reviews, interviews: connect these

  • A book collection has books: group books by collection

  • A book has categories: associate books with topics and categories

Entity Terminology: Bundles, Nodes, Taxonomy, Paragraphs, Blocks

Nodes, taxonomy terms, custom blocks, and paragraphs are all different types of entities. Each entity type has unique properties that make it better suited for different use cases and content types.

Here’s a breakdown of the most important Drupal terminology you need to know to structure your content:

  • Node: A page of content is a node, accessible via its own URL
  • Taxonomy terms: Used to categorize other content, taxonomy terms live in a hierarchy. They can be used to filter content and create unique landing pages.
  • Paragraphs: Content that lives within other content and doesn’t need a dedicated URL is a paragraph.
  • Custom Block: Any content that will be reused throughout the site becomes a custom block. You can also embed a block in a node.
  • Bundle: An entity sub-type is a bundle. Usually, bundles can have unique fields and settings.
  • Field: A field is a component of the content, i.e. an ISBN, author’s name, or book title

Applying this Model to our Example Project

Here’s how we would decide which entity type to use for each content type:

  • Books and authors become nodes

  • Book categories become taxonomy terms

  • Interviews, reviews and editions could be paragraphs

  • Books and authors would be node bundles (aka content types)

  • A book category is a taxonomy bundle (aka vocabulary)

  • A book collection is a block bundle (block type)

  • Reviews and interviews are paragraph bundles (aka paragraph types)

  • A book collection that needs to be displayed on several pages becomes a block

Focusing on Each Entity to Create Fields

Once you’re looking at a book, you can start to think about what defines a book.

Ask yourself:

  • What information should it have?

  • Which information needs to be displayed?

  • How will we filter and order this content?

  • Will there be a single value for the field or multiple values?

List the various components of the content: title, author, ISBN, covers, genres, editions, reviews, interviews. Each of these will be a field.

Fields in Drupal can be single value (for example, each book has a single ISBN number) or multi-value (a book can have multiple reviews or authors). There are many other field types that store the content in a certain way, which affects how it can be displayed or used later (text, date, number, email, link, etc). A field that links one entity to another is a ‘reference’ field.

Information Architecture

So far we’ve talked about structuring your content using entities and bundles. But how do users actually access your content? When you’re building out your site map, you’ll probably picture top-level pages. These may link to dynamic lists of content, or they may have sub-pages that are added beneath them.

Linking to Content

In Drupal, we have three main ways to link to content: menus, views, and fields. In general, this is how we use them:

Menus are for static content: Menus are a static hierarchy of content. If you’re creating permanent content on the site that will be relevant for a long time, you’ll probably link to it through a menu.

Views are for dynamic content: Content that is ‘dynamic’, meaning it is added to frequently and is too abundant to add to a menu, will probably be listed and linked to via views (the Drupal term for ‘list of content’).

Entity reference fields or link fields: You can also explicitly add a link from one content item to another using an entity reference field or a link field. For example, if you have a book and you want to have it link to three other hand-selected ‘related books’, you could create a ‘Content’ reference field for this.

You can go through your site map and figure out which pages are static (linked to by the menu) and dynamic content (linked via views). Landing pages tend to be connection pages. For example, a landing page might live in the menu, list a bunch of dynamic pages and also include explicit links to other pages via ‘calls to action’.  

Applying Menus and Views to Our Example

Using our example, you may have a static page for ‘About Us’, ‘Contact Information’, or ‘History of Publishing’. These would be created as pages and linked to via the menu.

You may also have a page that lists all the books and another that lists all the authors. Because your lists of books and authors are likely to change often, these lists should be created using views. When you add a new book or a new author, it automatically appears in the list.

Taxonomies make creating lists more interesting because we can create lists of content that are filtered by a particular taxonomy term. For example, if ‘prize winning’ is a book category, a taxonomy allows us to create a list of all the books that are ‘prize-winning’.

Finally, you might have a landing page for an upcoming book tour that includes details about the tour, a link to the book being promoted, and also links to other books by the author.

Conclusion

There are many more things to know to build a site with Drupal. But when you’re planning out your content, you simply need to be able to draw out the structure and communicate this with your team. Knowing the basic Drupal concepts will help you communicate clearly and think about the site’s architecture at a high level.

To read about a real-life project in which we built out book content in Drupal 8, read about our project for Princeton University Press.


Flocon de toile | Freelance Drupal: Working with the Drupal Commerce 2 checkout flows

Main Drupal Feed - Wed, 04/04/2018 - 12:00

Drupal Commerce 2 lets you define multiple checkout flows out of the box, so that the buying process can be customized according to the order, the product purchased, or the customer profile. This is an extremely interesting feature, in that it can simplify the checkout flow as much as necessary. Do you sell physical products (with associated delivery) and digital products (without delivery)? In a few clicks you can have two separate checkout flows that take these specificities into account.

Lullabot: Continuous Integration in Drupal 8 with Travis CI

Main Drupal Feed - Wed, 04/04/2018 - 10:07

This article is the second in our series on Continuous Integration tools for Drupal 8, which started with CircleCI. This time, we explore Travis CI.

Travis CI is the most well known CI tool for open source projects. Its setup process is straightforward and it offers a lot of flexibility and resources to implement Continuous Integration for any kind of project. In this article we will implement the same set of jobs that we did with CircleCI and then compare both tools.

Resources

This article makes references to the following resources:

Browse the demo project to discover where the CI components are placed, then use the one-line installer to add these components automatically to your project.

The goal

We want to run the following jobs in a Drupal 8 project when someone creates a pull request:

To accomplish the above, we will use the following tools in Travis CI:

  • Drush, Drupal’s command line interface, to perform Drupal-related tasks like installing Drupal or updating the database.
  • Docker Compose, via docker4drupal, to build the environment where Behat tests run.
  • Robo, a PHP task runner, to define a set of tasks for each of the above jobs.

Here is a screenshot of the Travis CI dashboard with the above setup in place:


Now, let’s see how this has been set up. If you want to dive straight into the code, have a look at the demo Drupal 8 repository.

Setting up Travis CI

Travis CI requires the presence of a .travis.yml file at the root of the repository that dictates how it will build and test the project. I have used this installer that adds the following files:

Additionally, a few dependencies are added via Composer, which are required for the CI jobs.

After adding the above files to the repository, it’s time to give Travis CI access to it. Open https://travis-ci.org and authenticate there with your GitHub account. Next, add the repository at the Travis CI dashboard as shown below:


That’s it! After this, future changes to the repository should trigger builds at Travis CI. If you create a pull request, you will see a status message like the following one:

Seeing the jobs at work

Here is an excerpt of the .travis.yml file. We are leveraging Travis’ build matrix for spinning up three jobs that run in parallel:

    env:
      matrix:
        - JOB=job:check-coding-standards
        - JOB=job:run-unit-tests
        - JOB=job:run-behat-tests

    install:
      - composer --verbose install

    script:
      - vendor/bin/robo $JOB

The script section is called three times: one for each value assigned to the $JOB variable. It calls a different Robo task each time. We decided to write the implementation of each job as Robo tasks because:

  • It makes the .travis.yml file easier to read and maintain.
  • It makes the job implementations portable between CI tools.
  • It gives developers an opportunity to run the jobs locally.

If you are curious what a Robo task looks like, here is the implementation of the one that runs Behat tests:

    /**
     * Command to run behat tests.
     *
     * @return \Robo\Result
     *   The result of the collection of tasks.
     */
    public function jobRunBehatTests()
    {
        $collection = $this->collectionBuilder();
        $collection->addTaskList($this->downloadDatabase());
        $collection->addTaskList($this->buildEnvironment());
        $collection->addTask($this->waitForDrupal());
        $collection->addTaskList($this->runUpdatePath());
        $collection->addTaskList($this->runBehatTests());
        return $collection->run();
    }

Building the environment with Docker Compose

The build environment task shown above, $this->buildEnvironment(), uses Docker Compose to build a Docker environment where the Drupal site will be configured, the database will be updated, and finally, Behat tests will run.

In contrast with CircleCI, where we define the mix of Docker images that the test environment will use to run the jobs, Travis CI offers two environments (Precise and Trusty) with common pre-installed services. Trusty has everything that we need for checking coding standards or running PHPUnit tests, but Behat tests require more setup which we find easier to manage via Docker Compose.

Here are the contents of the build environment task. For simplicity, we have removed a few unrelated lines:

    /**
     * Builds the Docker environment.
     *
     * @return \Robo\Task\Base\Exec[]
     *   An array of tasks.
     */
    protected function buildEnvironment()
    {
        $force = true;
        $tasks = [];
        $tasks[] = $this->taskFilesystemStack()
            ->copy('.travis/docker-compose.yml', 'docker-compose.yml', $force);
        $tasks[] = $this->taskExec('docker-compose pull --parallel');
        $tasks[] = $this->taskExec('docker-compose up -d');
        return $tasks;
    }

The above task uses this docker-compose.yml file to build the environment.

Generating and visualizing coverage reports

Travis CI does not support storing artifacts like CircleCI does. Therefore, we need to use a third-party service to host them. Travis documentation suggests either uploading them to an Amazon S3 bucket or using Coveralls, a hosted analysis tool. We chose the latter because it posts a summary in each pull request with a link to the full coverage report.

Setting up Coveralls is straightforward. Start by opening https://coveralls.io and then, after authenticating with your GitHub account, use their browser to find and connect to a repository, like this:


Next, it is recommended to review the repository settings so we can customize the developer experience:


With that in place, new pull requests will show a status message with a one-line summary of the coverage report, plus a link to the full details:


Finally, when we click on Details, we see the following coverage report:

A comparison to CircleCI

CircleCI can do all that Travis CI does with less setup. For example, coverage reports and Behat screenshots can be stored as job artifacts and visualized at the CircleCI dashboard. Additionally, CircleCI’s Command Line Interface gives developers a chance to debug jobs locally.

Travis CI shines on flexibility: for example, only the Behat job uses Docker Compose to build the environment while the rest of the jobs use the Trusty image. Additionally, there is a huge number of articles and a lot of documentation, which you will surely find helpful when tweaking the jobs to fit your team's needs.

If you liked Travis CI, check out this installer to get started quickly in your Drupal 8 project.

What next?

We aren’t sure about which tool to pick for our next article in this series on CI tools for Drupal 8. Do you have a preference? Do you have feedback on what you’ve found relevant about this article? Please let us know by posting a comment.

Acknowledgements

Kalamuna Blog: How-to: Using Drupal-Project to Craft Your Perfect Start State

Main Drupal Feed - Wed, 04/04/2018 - 06:05
How-to: Using Drupal-Project to Craft Your Perfect Start State Shannon O'Malley Tue, 04/03/2018 - 23:05

The drupal-project repository is quickly becoming the de facto starter for all Drupal 8 projects. So how can you quickly spin up a new site with Composer and drupal-project? How do you take drupal-project and customize it to suit your particular needs? And, how do you leverage post-install tasks to keep yourself DRY? This February I gave a talk at DrupalCamp Florida where I got into all of these questions.


OSTraining: A Further Look at the New Layout Builder in Drupal 8

Main Drupal Feed - Wed, 04/04/2018 - 05:48

Earlier in this blog, OSTraining's Steve Burge made an excellent introduction to the new Drupal Layout Builder.

Many users have been eagerly expecting this module and it was released in version 8.5.

In this tutorial, you will take a further look at how to work with this module. You will see how to use the Layout Builder to configure:

  • Content types.
  • Nodes.

Agiledrop.com Blog: AGILEDROP: DrupalCon Nashville, here I come!

Main Drupal Feed - Wed, 04/04/2018 - 00:22
I was not planning to go to DrupalCon this year due to so many things going on at the company, but with a little delegation effort, I will be able to go. I would not like to miss this one, to be honest. So here is what I am looking forward to in Nashville.

Meeting new people

DrupalCons in the US are the biggest Drupal events, and even if you are an active community member for 11 years like I am, you still see a lot of new faces. Developers are generally more on the introvert side, so you don't see so much intentional networking like on some other events, but don't hesitate to ask the…

Chromatic: A Testing Environment for Every Pull Request

Main Drupal Feed - Tue, 04/03/2018 - 20:08

At Chromatic, when we are collaborating with our clients on a website or product, we typically work in an agile, iterative process. As part of that process, it is important for all stakeholders to be able to easily review and approve changes to a site as they are being made, but this can frequently be a pain point. There are often members of the team who are less technical, or may not have a development instance of the website, or an interest in checking out git branches. Frankly, even for users that are willing and able, this process is often an inefficient use of everyone’s time.

David Lohmeyer's Blog: Nesting module-defined menu links in Drupal 8

Main Drupal Feed - Tue, 04/03/2018 - 16:03

When you provide a module-defined menu link in Drupal 8, there is some great documentation on how to add a menu link on Drupal.org. This gets into how to provide a menu link with YAML. In a lot of cases, you might want to nest this menu link under another item. This is especially the case if you were providing a menu link for something in the main menu of your site.

Drupal Association blog: DrupalCon Nashville Board Meetings

Main Drupal Feed - Tue, 04/03/2018 - 13:32

DrupalCon Nashville is right around the corner! Part of the week includes board meetings. Below is a summary of their activities and agendas. We hope you will join the public board meeting in person or virtually.

Board Retreat

The Drupal Association Board of Directors will convene over the weekend from April 7-8, 2018 to hold discussions based on the Executive Director and committee chairs’ updates. The board will also discuss funding models to pursue that will increase investments that the Drupal Association can make to accelerate Drupal adoption. We are also going to review and discuss the principles and values that Dries Buytaert is creating for the community and will be sharing in his keynote.

Additionally, the board is hosting a two hour discussion on Drupal’s governance structure. To properly inform this discussion, the board invited representatives from groups that are part of Drupal governance as well as representatives of groups who are not currently part of governance. Together, we will explore what is working and ways to evolve Drupal governance that improve support for the Drupal project.

Public Board Meeting

The Board of Directors will hold an open board meeting on Wednesday, April 11 from 11:45 - 1:00 pm CT in the Nashville Convention Center in Room 103A (lunch will be served!). We welcome you to attend in person or virtually.

The agenda will include an executive update as well as program updates from staff. There will be 10 minutes for the community to ask the board and staff questions.

Mediacurrent: A Local’s Guide to Drupalcon Nashville

Main Drupal Feed - Tue, 04/03/2018 - 13:04

While everyone has a busy week attending Drupalcon sessions and events (be sure to check out Mediacurrent’s afterparty), if you find some extra time, Nashville has an eclectic mix of activities and places to go. Whether you're looking for great music in none other than "Music City" or you're looking for a nice place to relax and grab a bite to eat, take advice from a Nashville local and check out my list of Nashville's must-see spots. When you're ready to take a break from drupalin', check out these suggestions and immerse yourself in the Nashville culture.

Music


Whether you enjoy country music or prefer other genres, Nashville offers something for every taste.  Some nights you might need to venture outside downtown for more rock and roll. If music is at the top of your Nashville bucket list, here are nine spots you won’t want to miss:  

 

Food 


There has been a huge number of new restaurants opening but here are a couple of classics and a newish one:

  • Rotier’s Restaurant, the original Cheeseburger in Paradise? A Nashville classic and award winner, just be sure to get the burger on French bread.
  • Family style southern food at Monell's.  Dinner and breakfast are served to the table and passed around like a family holiday.
  • Hip Pinewood Social attracts visitors any time of day, breakfast and Crema coffee, co-working spot during the day, and bowling on antique lanes in the evening.
  • Need Barbecue? Martin’s, Peg Leg Porker,  Edleys, or G’z BBQ are all good choices.
  • Restaurants of award winning chefs include Sean Brock's Husk from Charleston, Tandy Wilson's City House, and the Catbird Seat. This year's James Beard semifinalists include Henrietta Red, Bastion, Josephine, and longtime East Nashville restaurant Margot Café & Bar.
  • Nashville Hot Chicken is very popular with heat level choices for anyone. But pay heed if they warn you when ordering.

 

Don't forget about the famous Nashville Hot Chicken. A few favorites among many great spots:

  • Prince's Hot Chicken Shack. The original.
  • The Tenders Royale from Pepperfire is a nice introduction along with a couple of local drafts on tap, and blues music in the background.
  • Tenn Sixteen, a great East Nashville Five Points restaurant. The hot chicken comes in one heat level, kind of a "Nashville medium". That is, it's usually pretty hot, unlike other restaurants that don’t specialize in hot chicken.
  • Fannie Mae's, which conveniently just opened up a new restaurant location near the convention center.
  • Another list of hot chicken spots can be found here

Museums

Source: George Jones Museum (Also known as the home of the Mediacurrent Afterparty!)

Nashville is rich with history, and there is no shortage of musical history. Most of these museums are an easy walk or bus ride downtown:

  • The Frist Center -  This art deco building was originally the post office. The current exhibition is the exclusive North American venue of Rome: City and Empire from the British Museum.
  • Country Music Hall of Fame and Museum - Across the street from the convention center, you can also check out Hatch Show Prints or tacos from Bajo Sexto.
  • Musicians Hall of Fame and Museum - This museum “honors the talented musicians who actually played on the greatest recordings of all time.” Additionally, The Rolling Stones' first-ever major exhibition, Exhibitionism, is making its last U.S. stop, taking on Music City at the Musicians Hall of Fame and Museum.
  • Lane Motor Museum - An amazing variety of the largest European collection of cars in the U.S. located a few miles from the convention center.

 

Exercise


Jogging/Walking

  • The downtown Cumberland River Greenway connects to Bicentennial Mall - This route can be varied for any distance.
  • Another popular area for walking and jogging is to cross the Shelby Street Pedestrian Bridge to Cumberland Park and Nissan Stadium.

Hiking/Trail Running

  • Warner Parks - Large wooded parks on the western boundary of Nashville that have hills with a view of the city.
  • B Cycle has bikes for rent by the hour with many locations to pick up or leave a bicycle.

Family and Kids Activities

Miscellaneous

  • There is a free bus downtown to the Gulch or Farmer's Market and Germantown that has stops around the convention center.  Look for the Green Circuit.  This would be a good way to get to the AAA Nashville Sounds Baseball game in the evening.  
  • A couple of hints on street pronunciations beyond just a southern accent might help too:

       Demonbreun Street - Pronounced da-mun’-bree-un.
       Lafayette Street - Pronounced luh-fay’-ett. ( I know, I know) 


Hopefully everyone has a great experience in Nashville and comes back for a more leisurely visit. 


ComputerMinds.co.uk: Patching Drupal without server access

Main Drupal Feed - Tue, 04/03/2018 - 11:35
Patching Drupal without server access James Williams 3rd Apr 2018

If you don't have access to the file system on the server for a Drupal site, when a security issue like Drupalgeddon2 comes along, you are entitled to panic! Many sites are run by a combination of teams, so sometimes you really don't have control over the server... but that might even mean there is another way to apply fixes. If you've been tasked with updating such a site (I was!), it's worth checking if the server has been misconfigured in such a way to actually allow you to patch Drupal, via Drupal!


ComputerMinds.co.uk: Fixing Drupal, really quickly

Main Drupal Feed - Tue, 04/03/2018 - 11:30
Fixing Drupal, really quickly James Williams 3rd Apr 2018

Drupalgeddon2 happened! We got all but two of our projects updated within an hour, with those remaining trickier two fully patched another hour later. The key was planning the right process using the right tools. We actually use these tools for regular deployments every day, but speed was essential for this security update.


Lucius Digital: Mini Drupal module 'Clean maintenance' released

Main Drupal Feed - Tue, 04/03/2018 - 10:47
Last week we had to update all Drupal websites that we manage because of a high risk security release. We saw too late that some (older) sites didn't have a proper maintenance page.

Zivtech: How to Prevent Your Drupal Site from Getting Hacked: Part 2

Main Drupal Feed - Tue, 04/03/2018 - 09:00

In part one of this post, I went over how Drupal Security Advisories, SSL/TLS certificates, and thorough user account security help lay the foundation for keeping your Drupal site secure. In part two, we’ll take a look at user roles and permissions, input filters and text formats, and third party libraries.

User Roles and Permissions

To keep your site secure, always make sure that your user roles and permissions are configured properly. Depending on the modules installed and third party integrations, there could be additional permissions and/or roles to configure to ensure the site is still secure after installing a particular module. It’s important to read the full module README and/or module documentation to verify that all configuration options and permissions have been set up securely. In many cases, modules with very important security related permissions will either set them to a sane default configuration, or put up a notice on the modules page within the admin UI. Some will do both. Some will do neither, so that’s why you need to be aware. 

For each module you enable, there can be optional or required permissions that need to be configured. This is one of the easiest things to overlook as a Drupal beginner, so keep an eye on which modules you’re enabling, and check whether you have permissions set for all your roles before launching the site.

ADCI Solutions: Let's talk about Leadership and Marketing at DrupalCon

Main Drupal Feed - Tue, 04/03/2018 - 02:15

The ADCI Solutions team is ready to set off to DrupalCon Nashville. Meet us there! This time we bring up the topics of leadership and marketing of Drupal. We'd love to see you at the session and BoF! Let’s gather and chat!

 

Find more details here. 

 

Jacob Rockowitz: Drupal is the worst Content Management System except for all those other solutions

Main Drupal Feed - Mon, 04/02/2018 - 22:03

Recently I read Why is Drupal now the second most-hated platform behind SharePoint? followed by the predictable Reddit discussion trashing Drupal. Every time I read someone's negative, yet reasonable, criticism of Drupal, I can't help but rephrase Winston Churchill's famous quote about democracy in the context of Drupal and Open Source.

Churchill's defense of democracy came at a time when the notion of democracy was under a direct threat. Drupal and Open Source are not imperiled in the same way, but the lesson Drupal and Open Source can learn from history is that it is essential to recognize, respond, and adapt to potential threats. Ignoring problems is the worst thing anyone can do.

Introspection and discussion is a significant part of our process to improve and affect change within Drupal. I am looking forward to Owen Lansbury's DrupalCon Nashville presentation called Have We Reached Peak Drupal?. I have seen a preview of his presentation and it puts Drupal’s current state into perspective while also looking at its future. If you want to learn more about the discussion around "peak drupal" you should also check out Dave Hall's blog post, "Drupal, We Need To Talk."

While building and maintaining the Webform module for Drupal 8, I have thought a lot about the future of Drupal and the Webform module.

How do we increase Drupal's adoption?

I no longer feel adoption is a Drupal 8 specific issue but rather it’s a...

Acro Media: Drupal Commerce 2: A Comprehensive Technical Overview

Main Drupal Feed - Mon, 04/02/2018 - 15:40

The development of Drupal Commerce 2 has come a long way. We've had an official release for a while now and many of the sub-modules and add-on modules are coming along nicely. However, with all of the focus being on development, it can be hard to find good documentation for Drupal developers and Technical Managers who want to know more about the underlying systems and design.

Look no further!

A while ago we contacted Steve Oliver and asked him to help us out. Steve has been developing Drupal for a long time (at the time of writing, his Drupal.org profile is 12 years, 3 months old). He's contributed to all aspects of Drupal, including Commerce, and is quite active in IRC and Slack, providing support. We asked him if he would be interested in providing us with one document that contained everything you might want to know about Drupal Commerce from a technical perspective. We're talking about the systems, design patterns, concepts, core modules, contrib modules, and more. Steve blew us away, coming back to us with a 22 page document that has it all. We've taken all of that wonderful information and put it on our site for everyone to enjoy. It's a great starting point or general refresher.

So without further delay, take a look for yourself. I bet you'll be happy that you did!
