Drupal sites contain a settings.php file with site-specific settings, which is based on default.settings.php as it was at the time the site was installed. As Drupal evolves, default.settings.php will change. Sometimes it's worth incorporating those changes into the settings.php file of an already-installed site. This post runs through a low-friction way to keep on top of this housekeeping.
MacOS dependencies See also #52 https://lessons.livecode.com/m/4071/l/15029-linking-an-osx-external-bundle-with-a-dylib-library GDAL otool -L /us…
Some more info about dynlib https://lessons.livecode.com/m/4071/l/15029-linking-an-osx-external-bundle-with-a-dylib-library otool -L /usr/local/Cel…
A recent Wired article about the Parler data hack talked about how a hacker group was able to steal publicly available information from the Parler website using an Insecure Direct Object Reference (IDOR) or enumeration attack. This type of attack involves a hacker looking at the structure of the site and attempting to guess the next available resource by looking at the URL. Apparently, terabytes of Parler's data were downloaded by simply enumerating through the IDs of their publicly available posts.
Taking an arbitrary example in Drupal, let's say that you had a content type called post that was loaded using the type and ID of the content in the URL. This means that when a user visits the post they might see a URL with the path /post/1. If a user wanted to see the next available post on the site then they could just increase the ID by one and see if the next post loads or not. It becomes almost trivial to build a script to download every post on the site by just looking through the IDs of the posts. This is almost what happened in the Parler attack. That attack was done through their API service rather than through their website, but the principle is the same.
You might not think this is much of a problem, but you can actually leak a lot of information from a site like this without even realising it. User profiles are especially problematic: improperly controlled user profile pages can mean that a site leaks all of its user data without hackers needing to break into the system. It doesn't have to be user profiles, though. Many users will post identifiable information in public posts, so any system that allows all of these posts to be enumerated will leak quite a lot of information that can be easily linked back to users.
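As an added example (not code from the original post), here is one way a site owner could spot the sequential /post/ID walk described above in a web access log. The log lines are constructed, and the combined-log layout, the per-IP grouping and the min_run threshold are assumptions.

```python
import re
from collections import defaultdict

# Assumed log layout: client IP first, request line in quotes, then the status code.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /post/(\d+)(?:\?\S*)? HTTP/[\d.]+" (\d{3})'
)

def _line(ip, post_id, status):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return f'{ip} - - [12/Jan/2021:10:00:00 +0000] "GET /post/{post_id} HTTP/1.1" {status} 512'

# Constructed sample: one client walks IDs 101..107, another browses normally.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", n, 404 if n == 104 else 200) for n in range(101, 108)]
    + [_line("198.51.100.23", n, 200) for n in (12, 845, 13, 300)]
)

def longest_walk(ids):
    """Longest run of requests whose ID moves by exactly one in a constant direction."""
    best = run = 1 if ids else 0
    prev_step = 0
    for a, b in zip(ids, ids[1:]):
        step = b - a
        if step in (1, -1):
            run = run + 1 if step == prev_step else 2
        else:
            run = 1
        prev_step = step
        best = max(best, run)
    return best

def detect_enumeration(log_text, min_run=5):
    """Return clients whose /post/ID requests contain a sequential run >= min_run."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, post_id, status = m.groups()
            per_client[ip].append((int(post_id), int(status)))
    findings = {}
    for ip, hits in per_client.items():
        run = longest_walk([pid for pid, _ in hits])
        if run >= min_run:
            # 404s inside a walk are a second signal: the client is guessing IDs.
            not_found = sum(1 for _, status in hits if status == 404)
            findings[ip] = {"run": run, "requests": len(hits), "not_found": not_found}
    return findings

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG))
```

Grouping by client IP is a simplification; the same run check can be keyed on a session or API token where the log records one.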
Today, for the second consecutive year, Acquia was named a Leader in Gartner's Magic Quadrant for Digital Experience Platforms (DXPs).
Our leader position improved compared to last year. Acquia is now number two. Market validation from Gartner on our vision is exciting and encouraging.
In the report, the analysts note the Drupal community as a powerful entity that sets Acquia apart from closed monoliths. Closed monolithic stacks and martech silos are quickly becoming a thing of the past. Drupal's scale, modularity and openness are a real differentiator.
Mandatory disclaimer from Gartner
Gartner, Magic Quadrant for Digital Experience Platforms, Irina Guseva, Mick MacComascaigh, Mike Lowndes, January 27, 2021.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Acquia.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
After #33 lands we still face: The MacOS build process results in the supporting files into res://build/ directory. Fiddling removing /build makes…