Drupal Code Development Security Guidelines

By

This article was published in the print magazine Drupal Watchdog, Volume 6 Issue 3, Winter 2016, on page 9, by Linux New Media.

Sanitizing text to prevent cross-site scripting attacks is just one aspect of writing secure code in Drupal modules. One of the Drupal.org documentation pages delineates additional best practices — specifically, using the database abstraction layer to block SQL injection attacks (in code intended for Drupal 7+ and Drupal 6 or earlier), and abiding by node access restrictions through the use of the db_rewrite_sql() function. The page provides some example code for making your custom modules as bulletproof as possible, for those who are new to these important considerations.

Copyright © 2016 Michael J. Ross. All rights reserved.