Thursday, October 2, 2008

A CMS called Drupal

Content Management Systems (CMS) like Drupal have been popular as it provided a relatively powerful framework for customisation. As Drupal is upgraded, the user customised modules are protected to ensure that it can continue to work. Currently many CMS administrators fear upgrading their CMS as things will break due to extensive customisations.

Drupal version 5.x and 6.x currently supports PHP 5.2. This provides better security and performance. Did I mention performance? Currently due to Drupal modularity, it can be tweak for performance to the max. This depends on the web server, PHP and MySQL settings. By default, non registered visitors use Drupal cached pages which reduces load on Drupal.
See a typo3, Joomla and Drupal and part II comparison.

Drupal provides regular security updates at http://drupal.org/security and through mailing list.

Following are general precautions on installation of CMS, refer to http://tboxmy.blogspot.com/2008/08/cms-called-joomla.html
Additional precautions you can take:

Use only modules that is proven secure. Drupal security problems revolve mostly on poorly written additional modules.

Example of vulnerability:
Plugin Manager - Access Bypass, allowed any user to uninstall and remove modules.
Mail handler - SQL injection, allowed malicious users to gain administrator access.

No comments: