security
Tags:
CMS: Drupal
Thursday, 4:15pm - 5:15pm
Room:
room 2
Description:
A comprehensive overview of Drupal's system for securing nodes. This session will cover:
- How the database is constructed.
- How the query is rewritten.
- How it interacts with other Drupal access controls (particularly permission flags, the published flag and hook_access).
- The API.
- How to put all this together to write a simple access control module.
Led by:
Submitted by bjaspan on Sun, 02/11/2007 - 08:01.
Tags:
CMS: Drupal
not scheduled
Description:
Most Drupal-based sites use password-based authentication. This session will discuss and design proposals for improving the current practices. Current ideas include:
- Abandoning long-life PHP session cookies
- Best practices for persistent login (a.k.a. "Remember Me") cookies
- Not distributing initial account passwords via email
- Supporting required instead of optional password changes
- How SSL support should be integrated and configured
- Preventing hijacking of mixed plaintext/SSL sessions