Dynamic page caching caches username. Web scan identifies it as credential Management issue

By s_andy on

The site I am working on belongs to Drupal 8.9.13 version. Our web scan has come up with an issue as:

Credential Management: Sensitive Information Disclosure. Web scan has detected the presence of username and/or password in http traffic when accessing some URLs in our site. For example when we go to https://oursite/about and do a view page source, we could see the username and token like below:

Categories: Drupal 8.x

Slow Ajax Solution

By flamingvan on

Introduction: I was struggling with slow ajax requests in a custom module form.  Since I couldn't find any good resources I wanted to share my solution.

Categories: Drupal 8.x

Lotus Bakeries | Faster time-to-market in a competitive global landscape

By Dropsolid on

Lotus Bakeries is active worldwide in the indulgent and natural snacking segment with a variety of brands, including Lotus Biscoff, Nakd, TREK, BEAR and Kiddylicious.

Sectors: 
Enterprise

SQL stack trace displayed by manipulating cookie content

By dnyaneshwargiri22 on

How can we avoid displaying sql stack trace on page

SQL stack trace on page-

Categories: Drupal 8.x

SQL Injection error during Security Scan

By dnyaneshwargiri22 on

Security scan trying to manipulate form_build_id value to something else

e.g 

form_build_id manipulated from: form-i0JR1J8PhobAlL1_m6CQ8oHm02Ogf5Z-Gfd9XClh5PU to: form-i0JR1J8PhobAlL1_m6CQ8oHm02Ogf5Z-Gfd9XClh5PU%a5'%20having%201=1--%20

manages to produce sql stack trace on page (UI) showing details of Drupal's SQL entities/ tables

e.g.

Categories: Drupal 8.x

Drush Unable for it to work

By davidd07 on

I have been trying so long for this to work, before it always used to work with my old computer. With the new one I seem to be unable for it to work.

Composer works fine but Drush seems to not work, I am having an issue where:

Categories: Drupal 7.x, Drupal 8.x, Drupal 9.x

Pages

Subscribe with RSS Subscribe to RSS - Drupal 8.x