How to stop worrying and enjoy developer life with Vagrant

Vagrant has been used successfully by web developers worldwide for years now. It helps simplify configuration, unifies the LAMP configuration per project and avoids the sysadmin hurdle of configuring a LAMP stack. Despite these great advantages in a team environment, in my professional career I have seen developers who preferred other ways of managing LAMP, MAMP or WAMP. That alternative (old school) setup was causing ongoing issues in team environments that required (lots of) time to resolve. Some developers are still afraid of diving into Vagrant, VirtualBox, Ansible and related technologies, and avoid them. However, the Vagrant box setup is super simple these days with the beetboxvm. Check out the open-source beetboxvm project on GitHub: it lets you download a single file and run the `vagrant up` command to get your environment ready out of the box, fast. At the time of writing this article, you only need to download the Vagrantfile and place it in your web root. The rest will be configured for you: a powerful LAMP stack, including the mail proxy MailHog. The advantages of the beetboxvm project versus other Vagrant boxes: you only add config to your project and don't need to manage a fork of the whole provisioning system. It uses a […]

How to prevent username enumeration vulnerability in Drupal

These days everyone is trying to pay attention to website security. Great effort. But as you hopefully know, real security means security at every level. Let's review a very generic and common security feature: the username and password pair that secures login forms in millions of web applications. In the perfect scenario you would create a very unique and hard-to-guess username along with a strong password (if your username is admin, bad luck!). In this case, whenever someone attempts a dictionary attack against your website, not only the password but also the username needs to be discovered. This makes the username/password pair alone as strong as it can be. In such a scenario a leaked username is only 50% of a website breach (the password being the remaining 50%), and your login form gets the maximum protection possible.

What is Username Enumeration Vulnerability

Username enumeration is a type of vulnerability in web applications where it is possible to find exact usernames, or to confirm that a guessed (or leaked) username exists in the system, based on the system's response. For example, the password reset form may return a different response depending on whether the username exists in the system or not. […]

Use Search API to get custom search results for Views

Recently I was working on a Drupal website project that had to be rescued. The previous development team took various approaches to work on functionality that had to be put together. However, when we started to release features, the pieces of functionality could not be stitched together. The particular example I want to talk about relates to using the Drupal Views and Search API modules in order to build search pages. Many developers who have used Search API know that it provides nice Views integration, allowing you to build views that use Search API indexes and servers to display the desired search results and to build and configure facets, all within the Views interface. Unfortunately, in this case, Search API was using a search index, but the View that was meant to display the search results was using the Views' Exposed filters option in combination with the Better Exposed Filters module (to achieve a facet-like search experience). The end result was satisfactory from the display point of view, but lacked good logic for getting the correct search results. To avoid rebuilding the about-to-go-live search page, I decided to look into the way the Search API module handles the search. This approach could be used to get the list […]
