Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By shambly on
Hi All,
I have created a procedures Drupal site that is stand-alone and SSL secure.
Our internal It department is concerned that this site can be a threat, and a conduit for hackers to get in to internal network.
There is nothing connecting the internal network to the Drupal site except a reference path of users going to the site for info.
In my amateur opinion, it seems to be about as locked-down as it can be, but then again, I know nothing about Black Hat.
Can anyone enlighten me as to the threat that I may have created to my companies internal network?
Comments
Shouldn't they be explaining
Shouldn't they be explaining that? If they want to claim it's a threat, they should back that claim up.
Drupal itself is very secure, and has a dedicated security team that checks up on Drupal core and 3rd party modules.
=-=
makes me wonder how they justify running php on the server or anything for that matter.
Yes. When it comes down to
Yes. When it comes down to it, they are asking for proof of non-existence.
thanks
thanks for your comments Jaypan and VM.
maybe I should ask, has anyone had experience with these kinds of sites becoming the entry point for malicious network activity?
what to watch out for?
=-=
That's a broad question. I suggest if you want to learn about these types of things to get a few books and google some relevant information about server and network security.
You can also read this
You can also read this article: https://drupal.org/documentation/is-drupal-secure
Edit - and this one too: http://www.acquia.com/blog/keeping-drupal-secure