How to version control database configuration

Posted on 13/01/201701/02/2018

Working as a Drupal developer for many years, I learned a few good ways to manage development workflow well and achieve perfect release management process. Working mainly with Drupal and relying on Git for development, I always recommend other developers – that are not familiar with Git – to start using it. Git is not a rocket science and it offers many benefits, especially when it comes to complex projects with many developers working on it in parallel. Several times I was asked how to version control a database. All modern CMS websites have their configuration split between the code and the database, it may become critical to version control the database-based configuration. The main reason is that other developers could pick up configuration changes easily during their daily development routine. How to version control a database? The short answer is “No, you don’t!”. Instead, you make the configuration changes to the database via code and then you version control the code. In this article I will share my experience in managing several Drupal 7 and Drupal 8projects, where my team was sharing the database configuration via Git. Such approach allows for smooth configuration sharing in the team and avoid configuration conflicts. What part of […]

Continue reading→

How to prevent username enumeration vulnerability in Drupal

Posted on 24/11/201601/02/2018

These days everyone is trying to pay attention to website security. Great effort. But as you hopefully know, the real security is the security at every level. Let’s review the very generic and common security feature, such as the username and password pair to secure login forms in millions of web applications. In the perfect scenario you would create a very unique and hard to guess username along with strong password (if your username is admin, bad luck!). In this case, whenever someone will be attempting a dictionary attack against your website, not only passwords needs to be discovered but usernames too. This makes the username/password security alone the strongest. In such scenario leaked username makes it only 50% success of a website breach (with password to be the remaining 50%) and gives your login form maximum protection possible. What is Username Enumeration Vulnerability Username enumeration is a type of vulnerability in web applications, where it is possible to find exact usernames or to confirm that a guessed (or leaked) username exists in the system based on system response. For example the password reset form may return different response based on the fact that the username exists in the system versus the opposite. […]

Continue reading→

Use Search API to get custom search results for Views

Posted on 09/11/201601/02/2018

Recently I was working on a Drupal website project that had to be rescued. The previous development team took various approaches to work on functionality that had to be put together. However, when we started to release features, the pieces of functionality could not be stitched together. A particular example (I wanted to talk about) relates to using Drupal Views and Search API modules in order to build search pages. Many developers who used Search API know that it provides nice views integration, allowing to build views that utilise Search API indexes and servers to display the desired search results, build and configure facets – all within the Views interface. Unfortunately, in this case, the search API was using a search index but the View that meant to be displaying search results using the Views’ Exposed filters option in combination with Better Exposed Filters module (to achieve Facet-like search experience). The end result was satisfactory from the display point of view, but lacking good logic in getting the correct search results. To avoid rebuilding the about to go-live search page, I decided to look into the way Search API module handles the search. This approach could be used to get the list […]

Continue reading→