How to version control database

How to version control database configuration

Working as a Drupal developer for many years, I learned a few good ways to manage development workflow well and achieve perfect release management process. Working mainly with Drupal and relying on Git for development, I always recommend other developers – that are not familiar with Git – to start using it. Git is not a rocket science and it offers many benefits, especially when it comes to complex projects with many developers working on it in parallel. Several times I was asked how to version control a database. All modern CMS websites have their configuration split between the code and the database, it may become critical to version control the database-based configuration. The main reason is that other developers could pick up configuration changes easily during their daily development routine. How to version control a database? The short answer is “No, you don’t!”. Instead, you make the configuration changes to the database via code and then you version control the code. In this article I will share my experience in managing several Drupal 7 and Drupal 8projects, where my team was sharing the database configuration via Git. Such approach allows for smooth configuration sharing in the team and avoid configuration conflicts. What part of […]

Continue reading
How to prevent username enumeration vulnerability in Drupal

How to prevent username enumeration vulnerability in Drupal

These days everyone is trying to pay attention to website security. Great effort. But as you hopefully know, the real security is the security at every level. Let’s review the very generic and common security feature, such as the username and password pair to secure login forms in millions of web applications. In the perfect scenario you would create a very unique and hard to guess username along with strong password (if your username is admin, bad luck!). In this case, whenever someone will be attempting a dictionary attack against your website, not only passwords needs to be discovered but usernames too. This makes the username/password security alone the strongest. In such scenario leaked username makes it only 50% success of a website breach (with password to be the remaining 50%) and gives your login form maximum protection possible.   What is Username Enumeration Vulnerability Username enumeration is a type of vulnerability in web applications, where it is possible to find exact usernames or to confirm that a guessed (or leaked) username exists in the system based on system response. For example the password reset form may return different response based on the fact that the username exists in the system versus the opposite.   […]

Continue reading