By lance1572 on

I know. I know. How many times have we heard this? Well I just commented on another post similar to my situation. First and foremost Drupal has always been this monumental CMS that I loved and hated. i have built a few sites with 6 and 7. I moved away to WP for a few years, mainly because the work i had didn't warrant a beast of CMS like Drupal. Now I am back because, well, I need something that will cater content to users who are logged in. i know Drup Drup can do that ;).

My only hesitancy is what should I choose 7 or 8. 8 seems to be still having a lot of issues while 7 seems to be stable and support many of the contrib mods. Out of of the unknowns, I guess i want to know do both versions at this point compete with security. I can live with the little headaches like upgrading versions, speed issues, etc but really security is utmost importance because now I will have to user accounts...ugh! I know anyone can hack if they truly want to but what do people think here?

many thanks!!!

Comments

bander2’s picture

bander2 commented

I am not an expert on this, but I would not consider security to be a factor in deciding between D7 and D8. Both are fully supported by the Security Team. That means that when vulnerabilities are detected, either proactively by a sharp eyed community member or because attacks are occurring, they are addressed quickly by the team.

You might reasonably think that D7 is more secure because it has been through many security updates already and we can't assume those updates made it into D8 because D8 is a rewrite. Additionally D8 has had no security updates.

But you could also think that since D8 is relying on battle tested Symfony components and an overall better architecture, it is more secure.

There are a lot of factors in deciding whether to jump on D8 or wait. For security, I would just trust the Security Team and consider any version they support.

- Brendan