Tagged Questions
1 vote | 0 answers | 25 views
Captcha on login form using the form block module
I am providing the registration form using the form block module. I also have Captcha and Hidden Captcha module enabled on my site. However, I am not getting the option to add a captcha to the ...
2 votes | 1 answer | 74 views
Why some PDOException errors are displayed in detail on the user's screen and some others not
A user reported to me seeing the following error on his screen:
The watchdog entry for this error looks like this:
PDOException: SQLSTATE[HY000]: General error: 1205 Lock wait timeout exceeded; try ...
1 vote | 3 answers | 220 views
PHP in database: bad practice but
Lots of times here I've been told that using views custom php fields, filters or others is a bad practice, because putting php in the sql is dangerous.
My question is, if you only call to a function, ...
2 votes | 1 answer | 50 views
Overriding default hashing mechanism: cannot redeclare user_hash_password()
I have a project that requires a change in the default password encryption mechanism.
The documentation of password.inc states that this can be overridden using the password_inc variable. I followed ...
3 votes | 1 answer | 42 views
Are there any security concerns with getting the UID by simply querying the sessions table against the visitor's cookie?
In the High Performance JavaScript Callback Handler I'm attempting to use my own code to get the current user's ID.
To give a quick rundown, by returning data at a much lower bootstrap level ...
0 votes | 1 answer | 50 views
What actions to take when someone uploaded PHP files in random Drupal folders and is sending out spam
I'm not sure how this happened, but my server techs notified me about some php files inside the includes folder sending out 50k worth of emails. I'm not sure how anyone would be able to upload that. I ...
1 vote | 1 answer | 66 views
When is it necessary to check_url()?
When is it necessary to use check_url()? For instance, if I create a login link by putting the code below in the body of a block, which of the 3 check_url() calls are necessary and which ones are ...
2 votes | 1 answer | 347 views
Malware on D7 website - Blacklisted by Google
I want to tell you about the malware attack on my Drupal website. Not just for your suggestions but also to create something helpful to anybody that could suffer from the same problems. Well...
...
1 vote | 1 answer | 91 views
Will forcing validation on a node save result in security issues or data integrity loss?
I have a content type containing lots of required and conditional fields. Because it can take a bit of time to properly create these nodes, and not all information will always be available to the ...
0 votes | 0 answers | 31 views
Storing embed.ly html data vs more requests
I have built a Facebook-like feed/wall system that uses embedly to convert URLs to content. For videos/rich content that can be played inside the content frame I have to decide between two options:
...
1 vote | 2 answers | 35 views
Markup filtering at theme level (security)
Please could someone advise if any sort of sanitization/filtering is required for the #markup below i.e. check_markup(), check_plain(), etc
The $title variable is basically just from ...
3 votes | 2 answers | 119 views
How to hook into adding watchdog entries by other modules?
Is it possible to write some code to intercept the process of adding Watchdog entries and filter them before adding to the log? Or is there a module that allows for watchdog filtering before adding to ...
3 votes | 1 answer | 122 views
Would using hash_pbkdf2() be more secure than the actual code used from Drupal 7?
Drupal 7 allows a module to implement a different way to create a password hash. It is sufficient that the module changes the content of the Drupal variable password_inc, and implements the required ...
3 votes | 1 answer | 61 views
Why should the Hacked! module not be used on a production server?
In the source code of the Hacked! module, it says it should never be used on a production server.
/**
* @file
* The Hacked! module, shows which project have been changed since download.
*
* We ...
2 votes | 4 answers | 478 views
How secure are variable_get and variable_set?
I have a custom module that saves variables with FTP usernames and passwords. Is variable_get secure? I.e., can it be accessed outside of the module?
Is variable_set equally secure?
Obviously they are ...