I just installed drupal for my site a couple of months ago. Anyway, today I saw that xoops website has been hacked. My question is will this happen to drupal, too? I'm concern about the security because I'm not an advanced programmer of drupal plus I don't maintain my website daily. I only do it on my free time. What's going to happen if it gets hacked? I know the best that I can do are back-ups. Still, I want to be reassured. thanks.

Comments

chx’s picture

yes. Drupal is hackable. How? I have no idea. We are working on discovering it sooner than the bad guys.

This aside, Drupal is considered pretty secure.
--
Read my developer blog on Drupal4hu.

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

sepeck’s picture

hackable. Drupal has had a excellent record so far in regards to security and responded quickly to the two reported issues.

In your profile, click the edit tab, then my newsletters and check the box next to Security announcements.

You can see more infomration here: http://drupal.org/security

-sp
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain

-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide

Zed Pobre’s picture

The biggest problem I know of remaining is making sure that you have HTML properly restricted if you allow any tags at all. Particularly, make sure that div and all table-related tags are NOT allowed. Those can be used to completely overwrite the screen. This means that to get support for tables, you'll need to install the table filter module.

This isn't exactly a "hack" per se, except insofar as anyone who can post a comment with html table tags enabled can overwrite the entire screen for that page.