webschuur.com

I tweeted too fast, and wrong:

Site were the Dutch Government accidentally leaked its 2012 budget, is a Drupalsite. Yes #Drupal does not secure its files. Drupal for govs?

The mayor news outlets in the Netherlands did not link to the leaking site, but instead to the site that carried (a mirror of the) PDFS that were leaked as well as background information. I followed these links, without researching if these sites were the actual leaking sites. This site they, instead, linked to, is a Drupalsite. The one with the unprotected files was not.

So much for not investigating a little myself! The site that leaked the file, was an ASP (.net?) site.

I am sorry for this misinformation. And as said, tweeted too fast, did too little investigation and that makes me look stupid. I am glad for those that told me my mistake. And because I got married the next morning, writing this errata took more time then is appropriate. Sorry for that too.

As a bonus, and to make things up a little, some common Drupal leakages that I helped fix in clients projects. Obviously I have responsibilities (and even a few NDAs) so I don’t give names and urls.

Attached is a simple script to backup Drupal databases in an incremental-archive-friendly way (1.7KB). Instead of dumping the database into one big SQL file, this script creates many small files; one per table. With a blacklist option to exclude certain tables. It stores the structure (CREATE TABLE statements) in a separate file too.

Good news. My servermanager and Drupal host, just announced they are moving their infrastructure to PHP5. Entirely. PHP5 is really important if you want a future-proof hoster.

If you are looking for a Dutch host for your Drupal sites, I can advice you either one of the cheaper Vhosts, or, in case you decide to go for more Drupal sites, to mail for a reseller of colocation contract.

I have partnered up with them and give advice about Drupal hosting.

Lighthttp is a very good alternative for Apache. The exact details on why, how and when are outlined on lighttpd’s website, but I choose it for my development environment; because it is light: having five forked apache processes idling around, merely to develop a simple module is way OTT, I think.

There are many tutorials on getting lighttpd up and running, including a nice, yet complex one special for Drupal.

There, got your attention. Still, this is an often heard complaint, most of the times in nicer words though. Just look at the large amount of requests (with patches) for the statistics module. Nearly all of them cover things such as ‘don’t track this and that’, or ‘also track foo’. And apparently, it seems even Dries agrees. Or at least he seems to need more statistics then only those provided by Drupal:

<!-- Begin W3Counter Tracking Code -->

Drupal has a fantastic feature, the hook_auth to allow any third party to interact in the authentication process. This is used to authenticate against other Drupal sites over XMLRPC, it is used in the experimental openID integration, to allow authentication against any database, and so on. And off course to authenticate against an LDAP directory, using the ldapauth module. This HOWTO helps you on the track for the LDAP coupling. We use ldapauth.module, userprotect.module and Sympal Password Hijack to mould our Drupal site into an authenticate-only site.