Drupal Code Development Security Guidelines

By

This article was published in the print magazine Drupal Watchdog, Volume 6 Issue 3, Winter 2016, on page 9, by Linux New Media.

Sanitizing text to prevent cross-site scripting attacks is just one aspect of writing secure code in Drupal modules. One of the Drupal.org documentation pages delineates additional best practices, specifically using the database abstraction layer to block SQL injection attacks (with separate guidance for code intended for Drupal 7 and later and for Drupal 6 and earlier), and abiding by node access restrictions through the use of the db_rewrite_sql() function. For those who are new to these important considerations, the page provides some example code for making custom modules as bulletproof as possible.
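As an added illustration (not code from the article or from the Drupal.org page it summarizes), the following contrasts a concatenated query with the parameterized and access-aware forms the guidelines recommend; it assumes the Drupal 7 procedural API (db_query, db_select, check_plain) and, for the last function, the Drupal 6 API with db_rewrite_sql(), and the `$_GET['title']` input is a constructed sample.

```php
<?php
// Added example; assumes the Drupal 7 API is loaded (db_query, db_select, check_plain).
// Constructed sample input: a request parameter an attacker controls.
$raw_title = isset($_GET['title']) ? $_GET['title'] : '';

// VULNERABLE: untrusted text is pasted straight into the SQL string, so a
// value containing a quote can change the meaning of the query.
function lookup_nodes_unsafe($raw_title) {
  $sql = "SELECT nid, title FROM {node} WHERE title = '" . $raw_title . "'";
  return db_query($sql)->fetchAll();
}

// SAFER: the database abstraction layer binds the value as a named placeholder,
// so it is always treated as data and never parsed as SQL.
function lookup_nodes_safe($raw_title) {
  return db_query(
    'SELECT nid, title FROM {node} WHERE title = :title',
    array(':title' => $raw_title)
  )->fetchAll();
}

// SAFER AND ACCESS-AWARE: the dynamic query builder escapes identifiers, and the
// 'node_access' tag makes Drupal 7 apply node access restrictions to the result
// (the Drupal 7 counterpart of wrapping a query in db_rewrite_sql()).
function lookup_published_nodes($raw_title) {
  return db_select('node', 'n')
    ->fields('n', array('nid', 'title'))
    ->condition('n.title', $raw_title)
    ->condition('n.status', 1)
    ->addTag('node_access')
    ->execute()
    ->fetchAll();
}

// Drupal 6 form of the same query: printf-style placeholders, with the SQL
// wrapped in db_rewrite_sql() so node access restrictions are honoured.
function lookup_published_nodes_d6($raw_title) {
  $sql = "SELECT n.nid, n.title FROM {node} n WHERE n.title = '%s' AND n.status = %d";
  return db_query(db_rewrite_sql($sql), $raw_title, 1);
}

// Output side: sanitize before rendering to prevent cross-site scripting.
foreach (lookup_published_nodes($raw_title) as $row) {
  print '<li>' . check_plain($row->title) . '</li>';
}
```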

Copyright © 2016 Michael J. Ross. All rights reserved.
