Skip to main content
Drupal Answers

Questions tagged [security]

Ask Question

Use it for questions related to site security, in particular those focused on protecting a Drupal site from unauthorized access.

439 questions
Newest Active Bountied Unanswered
3 votes
0 answers
41 views

I'm using the CSP module on my site and attempting to add a nonce to my GTM script. I'm able to get a nonce value on the script element, e.g. <script nonce="zRaBCyoyymExSEt4jIfolw"> ...
Vecta's user avatar
  • 633
1 vote
1 answer
129 views

I am new to Drupal and need to know if the Webform module would take care of input sanitization of text area by default to prevent against SQL injection. I use it for public forms where users can fill ...
user119606's user avatar
  • 11
0 votes
1 answer
61 views

Our site (D10) is being hammered by AI bots to the point it's virtually unusable. One option we have is to wrap the entire site in a CAPTCHA - so no access (even to public pages) without passing a ...
Adaddinsane's user avatar
  • 430
0 votes
0 answers
112 views

We've recently encountered a potential security issue with Webforms file upload field automatically saving any selected file to /tmp (/_sid_), even when the filesystem is private. The current file ...
Claire's user avatar
  • 11
0 votes
0 answers
70 views

I'm scratching my head here with an unusual problem which began only AFTER MIGRATION into Drupal 9 / Drupal 10: try to protect access to site behind proxy-Ldap barrier (so people can access it from ...
Marco Aurélio Rocca's user avatar
  • 11
0 votes
0 answers
68 views

Although Drupal provides default security features, I still have a doubt related to the security of uploading a file using the file entity upload API URL. If I have set the allowed file extension and ...
Tejas's user avatar
  • 1
0 votes
1 answer
118 views

What's the meaning of [Drupal 10.0.x will receive security coverage until December 2023.] in release note. Can I continue to use Drupal 10.0.x after December 2023, is there any problem that I need to ...
ju_pier's user avatar
  • 21
1 vote
2 answers
653 views

Is there any module or technique to implement anti-CSRF tokens into all requests in Drupal 9 for anonymous users?
Tejas Damre's user avatar
  • 11
2 votes
1 answer
203 views

I understand that Drupal hardens permissions of the /web/sites/default directory and its files, each time that the system_requirements() function is called, typically after each composer require ...
alhemist's user avatar
  • 69
1 vote
2 answers
2k views

Last month, I encountered an issue where I could not edit settings.php as it was read-only. I asked this question and learned how to change the permissions to edit the file, and then harden them again....
GeorgeCiesinski's user avatar
  • 177
1 vote
1 answer
1k views

I have a Drupal 10 site that I just installed for the first time. I am very new to Drupal, and I haven't done anything to this site except install it and set up basic details like the site name, ...
GeorgeCiesinski's user avatar
  • 177
0 votes
1 answer
631 views

Just found hundreds of POST requests to user registration pages on Drupal site. No users are being registered but these requests are still getting 200 status from Drupal. Are these requests doing any ...
JM John's user avatar
  • 15
0 votes
1 answer
361 views

I have some websites in the drupal. I need to update the security modules in the old version to the latest version. The list of security modules I tried to attempt is as below 1)colorbox (current - v2....
jayaprakash R's user avatar
  • 129
2 votes
1 answer
83 views

After any Composer command (for example, composer create-project, composer require, and composer update), does Composer or Drupal set (or harden) the file permissions?
tahaniau's user avatar
  • 45
1 vote
2 answers
94 views

I am using Drupal 7. I have a page that has a PHP body that I know does not have any dangerous tags. According to the README.txt file in Security Review I need to add this to the "...
MrSnrub's user avatar
  • 285

15 30 50 per page
1
2 3 4 5
30