Saturday, October 30, 2010

Enabling HTTP Secure (HTTPS)

HTTPS is a protocol which encrypts HTTP requests (like the kind you just made to see this page) and their responses. This ensures that if someone were able to compromise the network between your computer and the server you are requesting from, they would not be able to listen in or tamper with the communications.
When you visit a site via HTTPS the URL looks like this: https://drupal.org/user/login. When you visit a site via plain (unencrypted) HTTP, it looks like this: http://drupal.org/user/login.

Why is it important to you (and when)

HTTPS is typically used in situations where a user would send sensitive information to a website and interception of that information would be a problem. Commonly this means:
  • Credit cards
  • Passwords and Usernames
  • Identifiable information (Social Security number, State ID numbers, etc)
  • Confidential content
Especially in situations where you, as the administrator, are sending your Drupal password or the FTP password for your server across the network, you should use HTTPS whenever possible to reduce the risk of compromising your web site.
HTTPS also prevents eavesdroppers from obtaining your authenticated session key, which is a cookie sent from your browser with each request to the site, and using it to impersonate you. For example, an attacker may gain administrative access to the site if you are a site administrator accessing the site via HTTP rather than HTTPS. This is known as session hijacking.

For more information and updates about Drupal Development, Drupal Experts and Drupal Programmers visit at http://www.dckap.com

 

How to enable HTTPS support in Drupal

Web server configuration

  1. Get a certificate. Many hosting providers set these up for you, either automatically or for a fee. Simply ask your hosting provider.
  2. Configure your web server. Here are the Apache instructions. Chances are, your web host will do this for you if you are on shared hosting.

Drupal configuration

  • If you want to support mixed-mode HTTPS and HTTP sessions (i.e. when you login on the HTTPS site, an additional insecure session cookie will be created allowing you to also be logged in on the HTTP site), open up sites/default/settings.php and add $conf['https'] = TRUE;
    Note that this configuration is less secure because the insecure session key will be passed across the network unencrypted, allowing authenticated sessions to be sidejacked. You will need to use contributed modules to prevent hijacked insecure sessions from submitting forms, viewing private data, impersonating users, etc.
    A hijacked insecure session can only be used by attackers (or penetration testers) to gain authenticated access to the HTTP site. It will not be valid on the HTTPS site.
  • For better security, leave $conf['https'] at the default value (FALSE) and set up your site to use HTTPS for all authenticated sessions and HTTP for anonymous sessions. Regardless of the $conf['https'] setting, Drupal 7 automatically enables the session.cookie_secure PHP configuration on HTTPS sites, which causes SSL-only secure session cookies to be issued to the browser.
 Source: http://drupal.org/https-information
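
One way to check which of the two configurations above a site is running is to audit the Set-Cookie headers it returns. This is an added example, not code from the original post or from Drupal; it assumes Drupal 7's session cookie naming (SSESS plus 32 hex characters over HTTPS, SESS plus 32 hex characters otherwise), and the header values and function names are constructed for illustration.

```python
import re

# Assumption: Drupal 7 names its session cookie SSESS<hash> on HTTPS
# and SESS<hash> on HTTP, where <hash> is 32 hex characters.
SESSION_NAME = re.compile(r"^(S?SESS)[0-9a-f]{32}$")

def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit_session_cookies(scheme, set_cookie_headers):
    """Flag session cookies that can cross the network unencrypted."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        match = SESSION_NAME.match(name)
        if not match:
            continue  # not a session cookie, ignore
        secure = "secure" in attrs
        if scheme == "http":
            # Authenticated session over plain HTTP: open to sidejacking.
            findings.append(("SESSION_OVER_HTTP", name))
        elif match.group(1) == "SESS" and not secure:
            # Extra insecure cookie on an HTTPS response: $conf['https'] = TRUE.
            findings.append(("MIXED_MODE_INSECURE_COOKIE", name))
        elif not secure:
            # session.cookie_secure should have set this on an HTTPS site.
            findings.append(("MISSING_SECURE_FLAG", name))
    return findings

# Constructed sample responses (not captured from a real site).
H = "0123456789abcdef0123456789abcdef"
DEFAULT_HTTPS = [f"SSESS{H}=constructedA; path=/; secure; HttpOnly"]
MIXED_MODE_HTTPS = [
    f"SSESS{H}=constructedA; path=/; secure; HttpOnly",
    f"SESS{H}=constructedB; path=/; HttpOnly",
]
LOGIN_OVER_HTTP = [f"SESS{H}=constructedC; path=/; HttpOnly"]

if __name__ == "__main__":
    for label, scheme, headers in [
        ("default https", "https", DEFAULT_HTTPS),
        ("mixed mode", "https", MIXED_MODE_HTTPS),
        ("login over http", "http", LOGIN_OVER_HTTP),
    ]:
        print(label, audit_session_cookies(scheme, headers))
```
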

Thursday, October 28, 2010

Support Drupal by voting in the 2010 Open Source Awards

Packt Publishing, the company behind many well-known Drupal books, is also responsible for the Open Source Awards, an annual online event held to distinguish excellence among open source projects. Winners of this competition receive cash awards that go to support their projects. Over the past five years, Drupal has won thousands of dollars in award competitions sponsored by Packt, due in no small part to the strength and passion of our community.
This year, Drupal is up against historic rivals Joomla! and WordPress in the Hall of Fame CMS category. The winning project will receive $2,500.
How can you help make Drupal win? Just go to Packt’s site and cast your vote. But don’t delay, as the competition is only open until November 5.
Packt is also giving away a free Amazon Kindle to a randomly selected voter. Help support Drupal by voting today!

source: http://drupal.org/node/937848

Wednesday, October 27, 2010

Drupal 7.0 Beta 2 is released

Our last Drupal 7 beta version was released about a month ago. Today, we're proud to announce the release of the second (and possibly final!) beta version of Drupal 7.x for your further testing and feedback. The first alpha announcement provided a comprehensive list of improvements made since Drupal 6.x, so in this announcement we'll concentrate on how you can help ensure that Drupal 7 is released as soon as possible and is as rock solid as the previous Drupal releases that you've grown to love!
This release includes:
  • Better error trapping during installation and upgrade for various incompatible systems, based on error reports from folks newly trying out Drupal 7 on various environments. We think we've caught all the ones we have so far, but please keep the reports coming!
  • Better support for exportables in the form of a new Form API type "machine_name" and format IDs stored as strings rather than integers.
  • Links can now participate in the D7 AJAX framework, which was previously limited to forms.
  • Raised minimum version of PHP to PHP 5.2.4, to facilitate stream wrapper security.
  • Numerous tweaks to basic navigation in the default profile, to prevent information overload.
  • Fixed a regression in Schema API that prevented modules such as Date from adding to the column types supported by core.
  • Profile module no longer shows up on the module listing on new sites, in favour of fieldable user entities.
  • Fixing of numerous Bartik and Seven theme style & RTL bugs. There are still lots more, so please help get Drupal 7's new look and feel as polished as possible!

Source : http://drupal.org/drupal-7.0-beta2

Thursday, October 14, 2010

Latest Release - Drupal 6.18, 6.19, 5.23

Drupal 6.18 and 5.23, maintenance releases which fix security vulnerabilities, are now available for download.

Drupal 6.19 also fixes other small issues reported through the bug tracking system.

Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement; more information on the 5.x releases can be found in the Drupal 5.0 release announcement. Drupal 5 will no longer be maintained when Drupal 7 is released. Upgrading to Drupal 6 is recommended.





It’s time to update Drupal! The Drupal project team is constantly working to improve the platform and give users a better experience working on it. Drupal developers must be excited to know what Drupal has come up with. The Drupal team has announced the immediate availability of Drupal 6.18, 6.19 and 5.23. Though there are no new features in these releases, Drupal 6.18 and 5.23 are maintenance releases that fix security vulnerabilities. Drupal 6.19 also fixes other small issues reported through the bug tracking system.

Drupal 6.19 is the nineteenth maintenance release of the Drupal 6 series. There are no security fixes included in this release; only a few bug fixes have been committed. It includes the security fixes from Drupal 6.18, which was released alongside Drupal 6.19. Drupal 5.23 is the twenty-third maintenance and security release of the Drupal 5 series. In this version, fixes for security vulnerabilities and some other bugs have been committed. Since these releases are quite important from the perspective of fixing security vulnerabilities, it is strongly recommended to upgrade your existing Drupal 5 and 6 sites.