Security is very hard to bolt on to any software or product after it has been built. Building it into the core of the code helps to avoid mistakes, and thus the upcoming release of Drupal 8 tries to build in more security by default, while still being usable for developers and site builders. This list of 10 security improvements is not exhaustive - some are just a line or two to handle an edge case, and there are others I may have overlooked. I've contributed to a number of these improvements, but they reflect overall the community consensus as well as reactions to problems that required security releases for Drupal core or contributed modules in the past. For each point I've tried to include a link or two, such as the Drupal core change record, a documentation page, or a presentation that provides more information. Some of these may also be possible to back-port to Drupal 7, to benefit you even sooner. A "7.x back-port" link indicates that.
For context on why these 10 improvements are important, I looked at past security advisories (SAs) as well as considering the kind of questions we get here at Acquia from companies considering adopting Drupal. In terms of past SAs, cross-site scripting (XSS) is the most commonly found vulnerability in Drupal core and contributed modules and themes.
Not every student learns the same way, so teachers consistently have to find a way to instruct a classroom while also reaching students individually.
When Acquia’s Global Support Team outgrew their ticketing system in 2013, it was time to make a change.
The release of Drupal 8 will bring many improvements and new capabilities.
There are plenty of tools that can improve your efficiency, but they can become burdens rather than real helpers.
Q. I’m new to Drupal and want to know if I need to learn Composer. Is it worth the time investment to learn?
Recently I began working on a D8 module, but this isn't a story about a D8 module. The work I did provided me an opportunity to get back to my pre-Drupal object oriented (OO) roots.
Drupal was designed from the ground-up to be modular. Once you install Drupal core, you can add any number of modules to enhance Drupal's basic functions.
Identity theft and site compromises are all-too-common occurrences -- it seems a day rarely goes by without a news story detailing the latest batch of user passwords which have been compromised and
Hi there. I’m Adam from Acquia. And I want YOU to adopt Drupal 8!
I’ve been working on this for months. Last year, as an Acquia intern, I wrote the Drupal Module Upgrader to help people upgrade their code from Drupal 7 (D7) to Drupal 8 (D8). And now, again as an Acquia intern, I’m working to provide Drupal core with a robust migration path for your content and configuration from D6 and D7 to Drupal 8. I’m a full-service intern!
Drupal is an incredibly flexible and expressive CMS and development framework. As a
It seems as if almost every Web developer hates using JIRA. Many developers feel it’s tedious, time-consuming work and they’d rather do just about anything else.
But JIRA doesn’t have to feel that way. With the help of some easy-to-learn shortcuts, you can use JIRA more efficiently and have time to do something you enjoy. In fact, these shortcuts are all but guaranteed to make you like JIRA more – or maybe hate it a lot less.
I recently reviewed the shortcuts with Acquia’s India team, and developers there couldn’t thank me enough for simplifying things. As you probably know, JIRA provides bug and issue tracking and project management functions. In other words, it’s useful and often necessary – something not to be avoided.
Kanban and Scrum are two different methodologies that can be utilized within your development organization. Both have pros and cons as agile methodologies, and one is often suited to a certain project better than the other. Let’s explore the definitions, differences, and how to utilize them practically for your next development project.
Kanban is a model of continuous slating, or continuous improvement. Essentially, when utilizing kanban, project priorities can change in real time, based on what takes priority at a certain time, so there is a certain flow to the work. Requirements can be added and clients or internal stakeholders can change their minds at any given time throughout the life of the project.