Cracking Drupal: A Drop in the Bucket

Greg Knaddison
11 May 2009

The first book to reveal the vulnerabilities and security issues that exist in sites built with Drupal, and how to prevent them from continuing. Drupal is an open source framework and content management system that allows users to create and organize content, customize presentation, automate tasks, and manage site visitors and contributors.


Customer Reviews

Kevin said
Here is an excerpt of my review; the full review can be found at [...]

Cracking Drupal: A Drop in the Bucket is the first book specifically discussing vulnerabilities in the Drupal Content Management System. However, is it all it's 'cracked up' to be?

Well, you will have to decide for yourself. I would recommend this book for Drupal administrators, because it is available for a good price on Amazon and will get you thinking about security in Drupal, but if you are a seasoned Drupal veteran you may want to give this a pass.

Again, the rest of my review can be found at [...]

Lonny D. Stark said
This book is not suitable for anyone who doesn't have a very strong understanding of Drupal and Drupal-speak. Beginners and even intermediate web developers will not understand much in Cracking Drupal, which is neck-deep in geek. See my last paragraph in this review if you're a beginner.

This is not to say this isn't a good book. I've gone through it once, and plan to read it over a second or third time because it is filled with information. I'm not a security expert, but from my limited perspective I did not see any glaring errors, and I enjoyed the frankness with which the author approached the subject of Drupal security.

For Drupal beginners, here are the basics in helping secure your site: follow every Drupal best practice that you find in the online handbook and articles, don't hack the core or modules, strictly follow Drupal conventions if you create your own modules, and never turn on the PHP filter (which allows you to pepper the site with your own PHP code). And most importantly - run crons frequently and update, update, update! After you've spent a year or two with Drupal, and you're comfortable with the CMS, then look for a second edition of Cracking Drupal.

John De Mott said
Within 24 hours of reading this book I found and patched an XSS attack on my site at work. It's well written, to the point, and informative. The author goes above and beyond explaining Drupal exploits and shows you how to track them down in the wild using the Drupal CVS repository. Most helpful is knowing how to properly use Drupal's built-in security measures that take much of the weight of developing secure code off your shoulders.

Mary K. Maguire said
I'm still in the process of reading this book but have found it very helpful in making my Drupal sites more secure. The only thing I'm disappointed in is that some of the modules recommended are still in a development state, which means they are not ready for production sites. I know the development of a module is not in the author's control, but one would think that when writing a book you would look at modules that a site owner can use now. This book does tell you what to look at when choosing a module so that you know your site is more secure. Overall I'm glad I made the purchase and do recommend it if you have a Drupal site.

Bling It On said
I bought this based on the reviews. I'm pretty good with code and web sites, but this book was totally Greek. The biggest problem I've found with Drupal is you can't really do it yourself if you want to do it right. You need to hire people, and that eliminates a lot of users who would like to use a content management system.
