Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Drupal ParanoiaでDrupalをより安全に

snize
October 12, 2018

Drupal ParanoiaでDrupalをより安全に

Drupal Meetup 羽田 #14 でのスライド
https://drupal-meetup-haneda.connpass.com/event/99066/

snize

October 12, 2018
Tweet

More Decks by snize

Other Decks in Technology

Transcript

  1. webからアクセス可能な場所にあるだけで脆弱性 となった。 The module does not need to be enabled

    for this to be exploited. Its presence on the le system and being reachable from the web are su cient.
  2. 他のWebフレームワークと比較 Symfony Quick Tour: The Architecture Directory Structure - Laravel

    - The PHP Framework For Web Artisans CakePHP のフォルダー構成 - 3.6
  3. composer.jsonを編集 "installer-paths": { "app/core": ["type:drupal-core"], "app/libraries/{$name}": ["type:drupal-library"], "app/modules/contrib/{$name}": ["type:drupal-module"], "app/profiles/contrib/{$name}":

    ["type:drupal-profile"], "app/themes/contrib/{$name}": ["type:drupal-theme"], "drush/contrib/{$name}": ["type:drupal-drush"] }, "drupal-app-dir": "app", "drupal-web-dir": "web",
  4. おまけ Drupal Paranoiaは のプロジェクトのひとつ Core doesn't embrace Composer best practices

    OOTB Figure out how to separate php code from assets in modules and in core so that code can be vendored, and assets under the docroot. Drupal Composer Proposal: Composer Support in Core initiative [#2958021] | Drupal.org