1.3. The Big Scary World

Are you feeling overwhelmed yet? There are many ways for your site to become insecure, and this chapter focused on the vulnerabilities in code. In the next chapter you'll learn about some of the problems outside Drupal, and the list of potential problems gets even larger.

At this point, you should have a good understanding of some of the issues involved in writing secure code. You should understand authentication, authorization, sessions, and the relationships among them. Often the results of a weakness in this area are the same—an attacker pretending to be someone else or seeing something he shouldn't—but the nature of vulnerabilities is different. You should understand code execution, the most common type of code execution in Drupal—SQL injection—and the role that boundary validation plays in protecting against code execution. You should understand cross-site scripting, where boundary validation is also important. Finally, you should know how to recognize a cross-site request forgery, where an attacker can trick you into modifying your own site without you even knowing it.
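The three code-level weaknesses recapped above (SQL injection, cross-site scripting, and cross-site request forgery) all come down to where a boundary is validated. The following is an added illustration, not code from the book or from Drupal itself; it uses the Drupal 6 era APIs (`db_query()` with typed placeholders, `check_plain()`, `drupal_get_token()` / `drupal_valid_token()`), and the menu path, function names and variable names are assumed for the sake of the example.

```php
<?php
// Added example (not from the book): each vulnerable form is shown next to
// the boundary-validated form. Assumes a Drupal 6 API; the function and
// path names below are hypothetical.

/**
 * SQL injection: the boundary is the query.
 */
function example_load_title_vulnerable($nid) {
  // Untrusted input is concatenated straight into SQL. A value such as
  // "1 OR 1=1" changes the meaning of the statement.
  return db_result(db_query("SELECT title FROM {node} WHERE nid = " . $nid));
}

function example_load_title_safe($nid) {
  // %d forces the value to an integer before it reaches the database;
  // string arguments would use '%s' with quotes, which db_query escapes.
  return db_result(db_query("SELECT title FROM {node} WHERE nid = %d", $nid));
}

/**
 * Cross-site scripting: the boundary is the HTML output.
 */
function example_greeting_vulnerable($name) {
  // User-supplied text goes into the page unescaped, so markup in $name runs
  // in the browser of every visitor who sees this output.
  return '<p>Hello, ' . $name . '</p>';
}

function example_greeting_safe($name) {
  // check_plain() encodes <, >, &, " so the value is rendered as text.
  return '<p>Hello, ' . check_plain($name) . '</p>';
}

/**
 * Cross-site request forgery: the boundary is the request itself.
 * Forms built with the Form API get a token automatically; a plain link that
 * changes state does not, so it has to carry and check one explicitly.
 */
function example_delete_link_vulnerable($nid) {
  // Any site that can get the admin's browser to fetch this URL (an image tag,
  // a hidden iframe) performs the deletion with the admin's session.
  return l('Delete', 'example/delete/' . $nid);
}

function example_delete_link_safe($nid) {
  // The token is bound to the current session and to this specific action.
  $token = drupal_get_token('example_delete_' . $nid);
  return l('Delete', 'example/delete/' . $nid, array('query' => 'token=' . $token));
}

function example_delete_page_safe($nid) {
  // Menu callback for example/delete/%: reject requests whose token is missing
  // or was not issued to this session for this node. Access control on the
  // menu item (authorization) is still required and is separate from this check.
  if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], 'example_delete_' . $nid)) {
    drupal_access_denied();
    return;
  }
  node_delete($nid);
  drupal_set_message(t('Node %nid deleted.', array('%nid' => $nid)));
  drupal_goto('admin/content/node');
}
```

The recurring pattern is that validation happens at the boundary the data is about to cross (the database, the browser, the state-changing action), not at the point where the data first arrives; a value that is safe for one boundary is not automatically safe for another.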
