Cracking Drupal - Permissions http://crackingdrupal.com/taxonomy/term/23/0 en The Importance of User Roles and Permissions for Site Security http://crackingdrupal.com/blog/ben-jeavons/importance-user-roles-and-permissions-site-security <h3>Rethink your roles</h3> <p>When discussing site security we often use words like "attacker", "malicious user" or "untrusted" to define site visitors who may be intent on abusing resources, stealing, or altering data. Within Drupal, visitors can achieve these goals using the permissions granted to their roles. This is the key component. We have to think of visitors in terms of what roles they have and what permissions we've granted those roles. Then instead of just thinking about trusted vs. untrusted users, we are thinking about trusted vs. untrusted roles.</p> <p>On your site, which roles are trusted and which are untrusted? What permissions have you given to those roles? What permissions have you granted to the Anonymous role and thus to anonymous visitors? As you build and add features to your site, you are also widening the available points for attack. If you have allowed users to create accounts without administrator approval, you should also consider what permissions you've granted the Authenticated role. Can authenticated users create content or post comments without approval?</p> <h3>Know the defaults</h3> <p>Community contributed modules as a whole are less secure than Drupal core, so it's especially important to be cautious about administrator permissions created by contributed modules. Role management can be burdensome, so there are modules that grant roles to users upon account creation. Know the defaults, because <a href="http://crackingdrupal.com/blog/greggles/what-kinds-security-problems-exist-drupal">most Security Advisories for contributed modules are due to cross-site scripting vulnerabilities</a>, which often exist on module administration screens where user-supplied data is not properly filtered.
Whenever possible, apply the principle of least privilege and give roles only the permissions they absolutely need. Grant those roles appropriately based on trust and what features need to be exposed for use.</p> <h3>"Super-permissions"</h3> <p>A few Drupal permissions should never be added to untrusted roles, as they allow or open up full control of your site. These permissions are:</p> <ul> <li>Administer filters</li> <li>Administer users</li> <li>Administer permissions</li> <li>Administer content types</li> <li>Administer site configuration</li> </ul> <p>To help keep your site secure, rethink which roles are trusted and untrusted, then evaluate which roles are granted to which users.</p> http://crackingdrupal.com/blog/ben-jeavons/importance-user-roles-and-permissions-site-security#comments Drupal Permissions Planet Drupal Roles Tue, 10 Nov 2009 19:18:49 +0000 Ben Jeavons 37 at http://crackingdrupal.com