Drupal is a content management system and web application framework built on PHP and a LAMP stack. It has a modular architecture that allows for easy extensibility and scalability. Some key enterprise concerns that Drupal addresses are security, through features like preventing file execution and mitigating XSS and SQL injection attacks, and scalability, through its ability to scale web servers, databases, and other components horizontally. The future of Drupal is bright with over 7,000 contributed modules and close to 4,000 committers supporting ongoing development.
6. Who?
Government: Whitehouse.gov, restoreTheGulf.gov, Teach.gov, several counties
Corporate intranet: AOL, Yahoo Research, NetApp, Intuit …
Art, music, multimedia: MTV UK, Sony music, Warner Brothers, Vocalo.org
Social networking sites: GoingOn.com, Jewcy, DrupalSN, madeloud.com
E-commerce: ticketcake.com, …
7. Why?
• Out of the box
• Build & Extend easily
• ThereIsAModuleForThat
• Connect & Collaborate
– Apps
– Community
• Scalable & Secured
• FREE!!
8. What’s fueling the growth of Drupal
• Licensing
• ~20 distributions of Drupal (intranet, education…)
• Community, Community, Community
Events and Meetups
Chat (IRC)
Planet Drupal
Community Spotlight
Forums
Mailing lists
Commercial support
11. Database
Custom content type = objects
Custom modules or hooks
Custom blocks / menus
Extend user roles and perms
Theme existing one or create new
12. Core concepts
• Nodes: Content type or objects
• Hooks: Internal event handling (this is what
we cover here)
• Theming: Assembling the web page
• Views: UI driven query engine for reports,
lists, etc.
13. Hooks
• Basic contract between Drupal
and the different modules
• Sort of like well-known or
contractible function names
myModule_menu(…)
myModule_formAlter(…)
Module
1. Defines
2. Calls
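The naming contract on this slide, as an added sketch that is not from the slides or from Drupal's source: the core side looks up a function named `<module>_<hook>` for each enabled module and calls it if it exists. The dispatcher names `invoke_all()` and `alter_all()` and the modules `blog`, `poll` and `search` are hypothetical.

```php
<?php
// Added illustration, not Drupal's own code: invoke_all(), alter_all() and
// the module names "blog", "poll", "search" are hypothetical.

// Each module implements a hook by defining a function named <module>_<hook>.
function blog_menu() {
  return array('blog' => 'Blog listing');
}

function poll_menu() {
  return array('poll' => 'Poll listing');
}

// Alter-style hook: receives another module's data by reference.
function poll_formAlter(array &$form) {
  $form['vote_token'] = 'required';
}

// Core side of the contract: call <module>_<hook>() for every enabled
// module that defines it and merge the results. Others are skipped.
function invoke_all(array $modules, $hook) {
  $results = array();
  foreach ($modules as $module) {
    $function = $module . '_' . $hook;
    if (function_exists($function)) {
      $results = array_merge($results, (array) $function());
    }
  }
  return $results;
}

// Same lookup, but each implementation may modify $data in place.
function alter_all(array $modules, $hook, array &$data) {
  foreach ($modules as $module) {
    $function = $module . '_' . $hook;
    if (function_exists($function)) {
      $function($data);
    }
  }
}

$enabled = array('blog', 'poll', 'search'); // "search" defines no hooks here
print_r(invoke_all($enabled, 'menu'));

$form = array('title' => 'text');
alter_all($enabled, 'formAlter', $form);
print_r($form);
```

Because dispatch is purely by function name, every enabled module's hook implementations run inside the same request with the same privileges, so enabling a module is a trust decision.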
21. Security
• XSS (Cross site scripting)
• SQL injection
• Files in the FS are protected (.htaccess)
– Files are prevented from execution
• CSRF (Cross-site Request Forgery)
22. OWASP Top 10
Open web application security project
1. Injection
2. XSS
3. Session management
4. Insecure direct object reference
5. CSRF
6. Security Misconfiguration
7. Failure to restrict URL Access
8. Unvalidated redirects and forwards
9. Insecure cryptographic storage
10. Insufficient Transport Layer Protection
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
26. Getting started
• Get a xMAP stack
• Download Drupal
• Implement a site without writing any code
• Write a new module
27. Challenges
• Steep learning curve initially
• Potentially a new language to learn
• A whole new world and architecture
Editor's notes
What is a CMS?
Collaborative environment for content management through a set of processes and procedures. The content can be anything from documents to videos to scientific data.