Is Drupal secure?

Forums: 

Drupal has a very good track record in terms of security, and has an organized process for investigating, verifying, and publishing possible security problems.

Drupal's security team is constantly working with the community to address security issues as they arise. More information about this process can be found in that section of the handbook.

The short answer is that open source software is as secure or more secure (in general) than commercial software. A good summary of the relevant issues can be found in this article from IBM: The security implications of open source software. The increased security of using open source was cited as one reason the White House switched to Drupal.

Drupal's API and default configuration are designed to be secure when used in their default modes. Issues like Injection, Cross Site Scripting, Session Management, Cross Site Request Forgeries, and others all have standard solutions in the Drupal API. For a more detailed review of the topic please read the Drupal Security Report.

Quick Links

Banking Details


ZB Bank
Account Number 4564-679129-200,
Masvingo, Branch

Contact Details


Physical Address
Morgenster Mission
Morgenster, Zimbabwe
 
Postal Address
P.O Box 80, Masvingo
Zimbabwe
 
Tel: +263 772168102-5