How to setup local development environment for GovCMS8 Lagoon OpenShift

GovCMS 8 local development configuration for Lagoon/OpenShift

The new GovCMS hosting platform offers many benefits, one of which is the bundled local development environment. Utilising Docker containers, a new GovCMS project could be launched in a matter of minutes. Pulling and applying the latest GovCMS version is simplified down to a single command. In this article, I share my experience working with a GovCMS 8 project. Aiming at GovCMS 8 developers and web development agencies, this post could help streamline building successful GovCMS 8 websites.

Continue reading
Drupal ClamAV module vs maldet to eliminate malware in uploaded files

Drupal ClamAV module vs maldet to eliminate malware in uploaded files

A maldet binary, combined with the ClamAV package, offers a powerful anti-malware server protection solution. It offers a serious level of malware protection in your server or containers cluster deployment.

In this article I give an overview and comparison of using a Drupal ClamAV module, that scans uploaded files, with a server-level malware scanning using Linux Malware Detect and ClamAV

Continue reading
How to prevent username enumeration vulnerability in Drupal

How to prevent username enumeration vulnerability in Drupal

These days everyone is trying to pay attention to website security. Great effort. But as you hopefully know, the real security is the security at every level. Let’s review the very generic and common security feature, such as the username and password pair to secure login forms in millions of web applications. In the perfect scenario you would create a very unique and hard to guess username along with strong password (if your username is admin, bad luck!). In this case, whenever someone will be attempting a dictionary attack against your website, not only passwords needs to be discovered but usernames too. This makes the username/password security alone the strongest. In such scenario leaked username makes it only 50% success of a website breach (with password to be the remaining 50%) and gives your login form maximum protection possible.   What is Username Enumeration Vulnerability Username enumeration is a type of vulnerability in web applications, where it is possible to find exact usernames or to confirm that a guessed (or leaked) username exists in the system based on system response. For example the password reset form may return different response based on the fact that the username exists in the system versus the opposite.   […]

Continue reading