#drupalcon Day 1 Session Highlights

drupalcon

The day got off to a good start with an excellent keynote speech by Dries on The State of Drupal.

After a short break the rest of the day unfolded with some great sessions and here are my highlights from the day. The bangers and mash wasn't one of them so I might try the veggie option tomorrow!

If you're heading to Croydon College for a session it's a bit of a rat run, up 3 levels, turn right and keep walking then it's a right for BOF or a left Business Day sessions. Make sure you sign in at reception or you'll have security on your back.

Doing Drupal Security Right

A must read according to speaker Gábor Hojtsy is the book Cracking Drupal, I don't think he's on commission but he made a good case for buying it!

A list of security risks relevant to Drupal sites:

  • Misconfiguration
  • Avoid FTP
  • Site might be secure but server could be vulnerable, especially shared hosting
  • Avoid php input format
  • Most vulnerabilities are in themes

The top 2 security worries you should worry about are:

  1. Injection
  2. XSS cross site scripting

A good module to test your Drupal security is the security review module and make sure you subscribe to the Drupal security newsletter for the latest updates (info in the right hand column).

Other things highlighted in the session:

  • You have a 64% likelihood of a XSS issue
  • Drupal 7 passwords better secured than previous versions
  • Firesheep Firefox plugin sounds scary! Avoid open networks with no passwords when out and about
  • Securepages prevent hijack module

Is open source secure? Well more people are looking at it, finding holes and reporting back issues which is a good thing.

Read more about the session and download the slides.

Performance and Scalability

Jonathan Anthony, former CTO of Bounty delivered a good session on performance with Drupal and also highlighted his switch from .net. One issue with .net being the cost of Search on the particular platform he was using, £4000 to enable search on his .net CMS, Ouch!, Just one of the reasons he moved over to Drupal.

Other tips and tricks from Jonathan:

A nightly task so as not to affect the site during busy times is to set up a script to make a graceful restart of Apache, this keeps sessions intact but frees up memory for the start of a new day.

Some of these were used on the Bounty.com website that gets15 million hits a month but by using Boost and Block Cache modules they survived the onslaught of new visitors.

Please show some appreciation for one of his current projects, the Phone gap module which looks very cool.

Read more about the session

Did you attend? What did you think of the sessions you attended? What did you think of the bangers and mash?! More to follow tomorrow :o)