Security

Following best practices helps avoid security issues.

Handle user input with care

Input, whether it comes from visitors or servers, should be handled with care.

Why does Drupal filter on output?

Some web applications process/filter the user input in the name of security before storing it in the database. Historically, Drupal has

HMAC best practices

Best practices for messages signed with an HMAC

Information disclosure in error messages not a weakness (Path disclosure, SQL error messages, etc.)

Drupal core provides a feature to show error messages to site visitors. By default this feature is enabled, which is very helpful while

Your Drupal site got hacked. Now what?

This information is useful should your Drupal site get compromised. Please report any details to the security team at security@drupal.org.

Guide maintainers