Is Drupal vulnerable under some aspect?
Or is it in general a secure CMS?
What about the cron.php? Can it be overloaded?
Thanks
Drupal is relatively secure in general, but vulnerabilities pop up regularly as with any web application now and then. Make sure to monitor the Security advisories and react to any flaws reported there for core and contributed modules you use (you can get these via mail by subscribing to the newsletter on your Drupal.org account pages).
As for cron.php, a default Drupal install does not protect it from being called by anyone directly, thus exposing some DoS risk, but you can shield it pretty easily by limiting access to it via .htaccess rules – see http://drupal.org/node/41049 for some discussion on it (don’t sweat this – cron.php will not expose any data by itself).
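
One way to write the .htaccess restriction the answer describes, as an added example that is not part of the original answer or taken from the linked discussion. It assumes cron is triggered from the web server itself over loopback, so only the loopback addresses are allowed.

```apache
# Restrict direct requests to cron.php to the local machine.
# Assumption: the system crontab on this same host fetches cron.php
# over loopback (e.g. http://localhost/cron.php); change the addresses
# if cron is triggered from another trusted host.
<Files "cron.php">
  # Apache 2.4 and later (mod_authz_core)
  <IfModule mod_authz_core.c>
    Require ip 127.0.0.1 ::1
  </IfModule>
  # Apache 2.2 and earlier
  <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
  </IfModule>
</Files>
```

Apache only honours these directives in .htaccess when AllowOverride permits them (AuthConfig for Require, Limit for Order/Deny/Allow); once active, a request for cron.php from any other address should receive a 403.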