secure

It always amazes me when one finds a security issue that looks like something that should never have happened in the first place.

This one was found earlier this year by Wietse Venema who first discovered the issue in Postfix.

He fixed the Postfix server quickly, however, he went further. He actually tested many other servers sending commands that bypass that very security measure and to his surprised he found out that Postfix wasn't the only system affected by the problem.

For those interested, all the details of the problem can be found on the Postfix website as CVE-2011-411.

A

The protected node module has global settings found under:

Administer » Site configuration » Protected node

Protected node Statistics

The page starts with statistics to let you know how pages are protected on your website. All the counts include published and unpublished content.

• Total nodes — the total number of nodes on your website
• Unprotected nodes — number of nodes that do not have a password
• Protected nodes — number of nodes that are current protected by a password
  • Showing title — number of nodes showing their title
  ...

Interestingly enough, today I received a Security Advisory from Drupal saying that users received an email from a hacker asking them to install a Trojan module on their Drupal system.

I find it quite interesting since, if Drupal wasn't secure, the hackers would not have to ask you to make it unsecure, would they?

However, this shows how many CMS systems introduce a security issue problem to your web server installation since it is required to let your web server execute any one PHP file...

All the files installed on your web server and that are directly accessible from the outside (i.e. ...

Security Issue

A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.

You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)

The Drupal Security Advisory issue is here: http://drupal.org/node/854402

Basic To Do List Installation

Install the module as usual, generally under your sites/all/modules folder. On a Unix command line, you can use the tar tool like this:

  cd sites/all/modules
  tar -xf to_do.tar.gz

Then go to Administer » Site building » Modules and enable the To do list module.

As usual, we stay busy keeping our Drupal installation updated and secure.

We have just upgraded to Drupal 6.16, installing several securty updates to bring us up to date. Although security issues that the updates addressed have not affected our customers, it is our duty to our clients to keep everything up to date nonetheless.

The module works and is secure, however, there are problems difficult to circumvent. The following lists them. If you can help fixing some them, you'll be more than welcome!

Reordering the Comments on your Node

It is possible to reorder the node fields using the CCK module. If the Discuss This! comments do not appear exactly where you'd expect them to be, try using the the CCK module:

1. Download the CCK module
2. Install the CCK module
3. Go to Administer » Content management » Content types
4. Click on Manage content fields next to the node type you are trying to ...