Drupal ParanoiaでDrupalをより安全に

•

0 likes•155 views

Web版（最新）：https://snize.github.io/demo_drupal-paranoia/ 2018/10/12 Drupal Meetup 羽田 #14 でのスライド https://drupal-meetup-haneda.connpass.com/event/99066/

Software

Drupal
Paranoiaで
Drupalをより安全に金子
智嗣

kaneko@zerobase.jp
の運営メンバ
@snize
Drupal
Meetup
Tokyo

過去の脆弱性
2016年にというモジュールで
脆弱性が発見された。
Coder
SA-CONTRIB-2016-039

webからアクセス可能な場所にあるだけで脆弱性
となった。
The
module
does
not
need
to
be
enabled
for
this
to
be
exploited.
Its
presence
on
the
le
system
and
being
reachable
from
the
web
are
su cient.

Demo
一般的DrupalプロジェクトのDocrootを確認
zip版
版(composer)drupal-project

他のWebフレームワークと比較
Symfony
Quick
Tour:
The
Architecture
Directory
Structure
-
Laravel
-
The
PHP
Framework
For
Web
Artisans
CakePHP
のフォルダー構成
-
3.6

Drupal
Paranoia
不要なファイルを削除し
必要なファイルへのみシンボリックリンクを生成する

Demo
準備します...
1.
もとのDocrootを退避
2.
composer.json
の
extra
にコードを追加
3.
プラグインをインストール

プラグインをインストール
composer require drupal-composer/drupal-
paranoia:~1

まとめ
Drupal
Paranoiaによって
web(docroot)
以下が

必要最小限のファイルに置き換えられ
不用意なアクセスからDrupalを守ることができる。

おまけ
Drupal
Paranoiaは

のプロジェクトのひとつ
Core
doesn't
embrace
Composer
best
practices
OOTB
Figure
out
how
to
separate
php
code
from
assets
in
modules
and
in
core
so
that
code
can
be
vendored,
and
assets
under
the
docroot.
Drupal
Composer
Proposal:
Composer
Support
in
Core
initiative
[#2958021]
|
Drupal.org

以上です、ありがとうございました
( ω )
コンタクト
@tomotsugu_kaneko
-
kaneko@zerobase.jp
次回
2018/11/01
@snize
drupal-japan.slack.com
Drupal
Meetup
Tokyo
-
connpass

Featured

Product Design Trends in 2024 | Teenage EngineeringsPixeldarts

How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow

AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork

Skeleton Culture CodeSkeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley

Content Methodology: A Best Practices Report (Webinar)contently

How to Prepare For a Successful Job Search for 2024Albert Qian

Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)

Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal

5 Public speaking tips from TED - Visualized summarySpeakerHub

ChatGPT and the Future of Work - Clark Boyd Clark Boyd

Getting into the tech field. what next Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray

How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC

Introduction to Data ScienceChristy Abraham Joy

Time Management & Productivity - Best PracticesVit Horky

The six step guide to practical project managementMindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools

12 Ways to Increase Your Influence at WorkGetSmarter

Featured (20)

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

12 Ways to Increase Your Influence at Work