4 Drupal Security Issues

While Drupal is a secure system, there are 4 configuration issues that are often overlooked when developing a Drupal site. By following a few easy steps, we can make a Drupal site much less vulnerable.

1) Leaving Drupal Version Information Text Files on Server
Many developers forget to delete the change log and the other text files that ship with the Drupal package. Leaving these files on the server where anyone can read them tells a potential attacker the exact Drupal version you are running, and once the version is known it is much easier to look up the exploits that apply to it.

2) Cross Site Scripting
Cross-site scripting can occur if you allow visitors to post arbitrary HTML and JavaScript into form fields, which lets an attacker place malicious code on your web page. It is critical either to ensure that only filtered HTML is permitted for postings or to run the check_plain() function on all user input before it is output.

3) Exposing Apache/Server Tokens

Mysql remote connection

Most often we work on a local database for Drupal projects, so the MySQL host in settings.php is likely to be 'localhost', as in the line:

$db_url = 'mysql://db_user:db_password@localhost/db_name';

However, occasionally we may want to connect directly to a remote MySQL server (e.g. on a dev server). If you have full control over the remote MySQL server, here is what you can do to achieve that:

1) Log on to the remote server and edit the MySQL server configuration file
Suppose the remote server is Fedora with IP address 192.168.1.150.
vim /etc/my.cnf
Comment out or remove the line 'skip-networking' if it exists, and add a new 'bind-address' line like the following:

#skip-networking
bind-address=192.168.1.150

Then restart the MySQL server:
service mysqld restart

2) Grant the relevant user and database permissions
Suppose you are connecting to the MySQL server from IP 192.168.1.100. You can run the following at the mysql prompt on server 192.168.1.150:
GRANT ALL ON db_name.* TO 'db_user'@'192.168.1.100' IDENTIFIED BY 'db_password';
or, if you want to allow connections from anywhere:

Above or Below the Fold of a web page?

Designing for the web can often be a tricky task; there are many variables to take into account, some of a technological nature and some of a human nature. The fold involves a little of both.

What is the fold?

If you're not familiar with the idea of the fold in web design, in a nutshell it is the area of the site that your users see without having to scroll, which makes that region very valuable. Calculating how big that area is, however, is a slightly more difficult task: it involves screen sizes, resolutions, browser type, operating system, how many toolbars the users have, and so on. We're not going to go that far this time; the point of this post is to argue that the fold may not be as important as it has been made out to be.

It is commonly said that users won't scroll below the fold, or won't pay much attention to the content below that line. I would agree with that to a certain extent. I can't deny that for most sites that area is the most important: it is the first impression your user will get, so there are some important tasks to accomplish there, such as:

How to create a video carousel: Feed API + Emfield + Views Carousel

Recently, I had to create a carousel of YouTube video thumbnails. I downloaded and enabled the 'emfield', 'emthumb', 'emvideo', 'viewscarousel' and 'jcarousel' modules, and created a new content type, youtube_video, with a field field_youtube_video of the "Embedded Video" type.

Next I had to create a view. In the new view's Basic Settings, I set Style to Views Carousel and added the Fields "Content: Youtube Image Thumbnail (linked to node)" and "Node: Title". I also set Filters to "Node: Type = Youtube Video".

You will also want to adjust some settings to make it look the way you like, but this is pretty much everything you need to create a carousel: just add some nodes and enter the URLs of the YouTube video pages you want to display.

But I needed more than that: I needed youtube_video nodes to be created for me from this RSS feed: http://gdata.youtube.com/feeds/base/users/alfresco101/uploads?alt=rss&v=2&orderby=published&client=ytapi-youtube-profile

5 Useful jQuery Plugins

When looking for jQuery plugins, I always try to do the research to find compact, simple-to-use plugins. Most of the time, for Drupal sites, I take the minified version and drop it into the theme's folder or a module's "includes" folder. Here is a list of jQuery plugins that I have used multiple times, on various websites, and that are probably the easiest to use.

1. jTabber

Useful Views jQuery Plugins

There are a couple of plugins I've found myself using a lot lately: Carousel and Slideshow. These plugins are documented very well and can easily be found by searching Google. But they also have very useful Views plugins. All you need to do is enable the module and select either Carousel or Slideshow as your Views style. There is a D5 and a D6 version of each module, but I haven't used them in D5 yet. The D6 version exposes all the settings you would usually set in JavaScript: after selecting the style, it lists all available settings (timing, effect, etc.). I would imagine the settings are similar in D5.

Carousel is in development at the moment, but the basic functionality is there and I haven't noticed any issues with it while using it. Writing the JS for these can take a little extra time, but with the Views plugins, it's only a click away.

You can find the modules here.
Views Carousel
Views Slideshow

Top techy gifts for the geek in your life

If you're having trouble finding the perfect gift for that "geeky" person in your life, no worries. Whether the gift is for your parents, siblings, friends, or someone special, AppnoVision is here to help. This special episode of AppnoVision features some great gift ideas for the hard-to-buy-for person in your life.

If there are some wacky techy gifts that you feel should be added to this list, do share! I wonder if any of them would top the 5 outlined in the video?

Enjoy.

Boost Drupal with Solr

The last decade has seen our consumption of information skyrocket, but our capacity to manually organize our digital life simply crumble.

Think of it: ten years ago, we would create folders to organize our files, our music and our mail, but nowadays we simply store our information in generic folders and, as long as each piece of information is properly tagged, we let the search engines organize our lives. One could argue that this was predictable, because it is how the brain works. But there have been several formal studies on the subject, so this evolution wasn't completely blind.

One of the key ingredients of Drupal's success is the concept of generic nodes and attributes, where we don't care how or where they are stored. What matters is the capacity to retrieve information by parameters, through the Search and Views modules.

Drupal's core search module can be replaced with Apache Solr, a web service built on the Lucene engine that also powers Alfresco. On websites where Alfresco is used to store documents, this has the advantage of bringing one uniform search syntax to every search query. Furthermore, since Solr is called via a REST interface, you can install it on a dedicated server, so your website's performance won't degrade during periods of heavier search activity.

Alfresco 101

Have you always wondered what Alfresco is? Your questions are answered in this quick and easy video. Brought to you by Appnovation, it explains the basics of what Alfresco is, where it comes from and where you can find it.

Powerful Alfresco search engine and searching Alfresco documents directly from your browser

Search functionality is one of the important aspects to consider when choosing an open source CMS, and as you may know, Alfresco uses the Apache Lucene search engine, a high-performance, full-featured text search engine.

Alongside the Lucene search engine, Alfresco's search capability is powered by OpenOffice, which can extract text from many file formats and make it available to the Lucene search engine.

Let's say a user has a PDF file that contains a few images of text, but wants to store it as a text file in the Alfresco repository, and of course wants to search for the file by keywords or metadata. Searching files by metadata is relatively easy because most CMSs support custom metadata. The problem, however, is that the PDF consists of images rather than text, which means that without converting it to text there is no way to search the file by its content.