Difference between revisions of "Drupal"

From SI410
Jump to: navigation, search
(Ethical Concerns)
(Open-Source Ethics)
Line 63: Line 63:
  
 
===Open-Source Ethics===
 
===Open-Source Ethics===
The development and expansion of [[Open Source Software]] options in the field of web app development has come with its own set of moral and ethical issues.
+
The development and expansion of [[Open Source Software]] options in the field of web app development has come with its own set of moral and ethical issues. These range from issues covered under Drupal's extensive [http://drupal.org/licensing/faq/ Licensing Policy], to the [http://en.wikipedia.org/wiki/Gpl GPL (GNU General Public License)], to ethical concerns outside of law and Drupal's licensing policies.
 +
#Accountability and Responsibility:  this is a central theme to a great majority of ethical discussions about OSS.  Some concerns may be:
 +
**Who is responsible in the event that a vulnerability is exploited and private data is leaked?
 +
**Does exposing source code to potentially malicious public observers reveal vulnerabilities in the application?
 +
**Are morally questionable outcomes more likely when collaborators may not have any personal connection to each other?  Moreover:
 +
**Should collaborators trust one another?
 +
To this end, Paul B. de Laat argues in his paper "Trusting virtual trust" that using a structured hierarchy of roles (observer-contributor-manager) and collaborative technologies common to proprietary projects, collaborators can overcome the so-called "anarchy" of the task.  Furthermore, posits de Laat, these techniques display an air of professionalism and more importantly that these collaborators have learned from the mistakes of past OSS projects.<ref>[http://philpapers.org/rec/DELTVT Trusting virtual trust by Paul de Laat]</ref>
  
 
==Notable Websites using Drupal==
 
==Notable Websites using Drupal==

Revision as of 23:46, 10 December 2012

Back • ↑Topics • ↑Categories
Drupal
Drupal1.gif
Drup.jpeg
Drupal Official Website [ ]
Type Web Content Management System
Launch Date 2001 [1]
Status Active
Product Line Drupal
Platform Cross Platform, PHP
Website www.drupal.org

Drupal is a free online Open Source web content management system platform (CMS). Drupal can be used to create a wide array of webpages, from personal blogs to enterprise applications. The nature of the open source community surrounding the Drupal CMS allows users to access extra CMS features (called modules) that were created by developers in the Drupal community, as well as contribute to the array of features themselves by utilizing a Drupal developer account.[2]

As of October 12th, 2012, there were 18,627 modules, 21,153 developers, and 886,121 users worldwide using Drupal to power their sites.[1]

History

Drupal was started in 2000 at the University of Antwerp in Belgium. Dries Buytaert and Hans Snijder had set up a wireless internet connection to Snijder's ADSL modem, and were sharing it with 8 other students in the dormitory. Buytaert made a small news site with a built-in posting board for the students to share announcements and news over Snijder's modem. The software didn't become public until the day after Buytaert's college graduation, when he put it on the web so students at Antwerp could all stay in contact with each other.[3]

The original domain name for the site was drop.org, due to a typo when checking to see if dorp.org was available (dorp is the word for 'village' in Dutch). Upon its release to the public, the audience and members of drop.org changed. Members began exploring new web technologies, and experimenting with these technologies in the software running in the back-end of the site. In January of 2001 Buytaert released the software the site was using under the name "Drupal," a twist on the Dutch word for "drop." Users have been contributing new features to the site ever since.[2]

Technical Details

The Drupal software bundle includes the Drupal Core, which contains all the basic Drupal functions that come standard with a Drupal account. The software bundle also includes other developer-contributed modules that extend the functionality of the Drupal CMS but are not included in the Core. The standard Drupal Core comes with built in features such as blogging, forums, and contact forms. These features can then be supplemented by contributed modules within the Drupal open source development community.[4]

Drupal is written in PHP, a server-side scripting language. Drupal is compatible with any platform that supports a PHP-running web server and a database for data storage. Although Drupal does contain a complex set of programming features for web developers, no programming knowledge is needed to set up and administrate a basic web page.[3] With over 18,000 modules available to all users, developers are allowed to dedicate their efforts into feature integration and user experience rather than having to create and code these features on their own.[5]

Administration

Drupal's administration system is split into give main parts: Content, People, Structure, Configuration, and people. With each of these sections, administrators can easily modify site content, update users permissions, create menus, and enable new themes. The command line tool for Drupal called "Drush" can automatically update outdated modules and clear the cache[ with a single command instead of spending hours trying to change elements through the command prompt.[6]

Building

The Drupal system doesn't need custom programming. It easily builds both internal and external websites, and options of using a multi-site configuration or choosing a Drupal distribution can give first-time users pre-made configurations for every site's purpose. In Drupal, a "Action module" exists to automate tasts like sending email blasts to promote events or causes. Moreover, the "Workflow module" and "Rules module" should be further explore to extend the functionality of the Action module. Another module that can be used is the "Panels module", which gives site administrators a easier way to create a customized layout that is right for them. It has a drag and drop interface for adding views, fields, and nodes.[7]

Collaborate

Through the Workflow module, administrators can have strict control over user's abilities so administrators have the ability to control what content is private what is published on the site. With the Organic Groups module, it gives users the ability to create groups on the site and with certain distributions like Open Atrium and Drupal Commons it can help make a site collaborative. Drupal also a Facebook Connect module to utilize user's Facebook login information to contribute to the site.[8]

The Drupal Team

Drupal's core content is managed by an array of developers and a security team. The founder and lead developer is Dries Buytaert, who maintains chief control over additions and other changes to the software. Core committers are a small team of developers who review and maintain code and inspect changes submitted. They are the only members with write access to the core repository. As of October 12, 2012, Buytaert himself is the only permanent core committer. Branch maintainers are appointed by Buytaert and are informally charged with oversight of a specific portion of the core, such as a particular module or set of modules. Core contributors are any developers who submit patches or documentation for the core source code. They are peer-reviewed and then decided upon by Buytaert to be invited to be core committers.[9]

Drupal also has a substantial security team to test for and resolve any security issues with the core, as well as assist the Drupal developer community in the security of their own features. This includes, but is not limited to, helping resolve security issues with module maintainers' code, distributing documentation on writing secure code, and providing documentation on securing your own site. When security issues are found, the security team follows a policy of "Responsible Disclosure." The team only goes public with the issue after the issue has been fixed or it has become apparent that the core maintainer in charge of the code is not responding in a timely manner.[10]

Community

The Drupal community has a variety of resources and places to receive guidance and support for the software. These resources include face-to-face meetups, IRC channels, Planet Drupal (an online service that aggregates blog posts about Drupal), commercial support (private companies posting to the Marketplace where users can receive professional assistance), the Drupal Forum, mailing lists, and more.[11]

Ethical Concerns

There are a few ethical concerns with the usage of Drupal. These range from potential vulnerabilities inherent in some versions of the software (wherein the software is seen as the moral agent) to the open source software (OSS) model which Drupal's community of developers act as moral agents in.

Security Ethics

First, is the ethical concern of security with the use of Drupal, especially on secure websites such as whitehouse.gov, etc. While Drupal is a secure system, there are 4 configuration issues that are often overlooked when developing a Drupal site.[12] Four common configuration issues that are often overlooked when developing a Drupal site are:

  1. Leaving Drupal Version Information Text Files on Server, allowing potential malicious users to know which exact version of Drupal the site uses. This would let the potential hacker exploit version-specific vulnerabilities to the Drupal site.
  2. Cross Site Scripting (widely accepted as the most common vulnerability used to exploit web applications[13]). This can be prevented by barring users from inserting functioning scripts into text boxes, either by not allowing HTML insertion or filtering the HTML.
  3. Exposing Apache/Server Tokens, which inform potential malicious users which Apache/PHP version the site uses. This could potentially expose version-specific vulnerabilities.
  4. Allowing Users to Create Accounts on a Private Content Site. If the site is intended to be private/corporate, the administrators should be the only ones who can approve of new users.

By following a few short steps, one can make a Drupal site much less vulnerable to security threats and breaches.[12]

Open-Source Ethics

The development and expansion of Open Source Software options in the field of web app development has come with its own set of moral and ethical issues. These range from issues covered under Drupal's extensive Licensing Policy, to the GPL (GNU General Public License), to ethical concerns outside of law and Drupal's licensing policies.

  1. Accountability and Responsibility: this is a central theme to a great majority of ethical discussions about OSS. Some concerns may be:
    • Who is responsible in the event that a vulnerability is exploited and private data is leaked?
    • Does exposing source code to potentially malicious public observers reveal vulnerabilities in the application?
    • Are morally questionable outcomes more likely when collaborators may not have any personal connection to each other? Moreover:
    • Should collaborators trust one another?

To this end, Paul B. de Laat argues in his paper "Trusting virtual trust" that using a structured hierarchy of roles (observer-contributor-manager) and collaborative technologies common to proprietary projects, collaborators can overcome the so-called "anarchy" of the task. Furthermore, posits de Laat, these techniques display an air of professionalism and more importantly that these collaborators have learned from the mistakes of past OSS projects.[14]

Notable Websites using Drupal

See Also

References

  1. Drupal on Wikipedia
  2. Drupal Home Page
  3. Drupal History
  4. Drupal Project
  5. Drupal Features
  6. Drupal Administer
  7. Drupal Build
  8. Drupal Collaborate
  9. Drupal Core Developers
  10. Drupal Security Team
  11. Drupal Community
  12. 12.0 12.1 4 Drupal Security Issues
  13. Symantec Internet Security Threat Report 2007
  14. Trusting virtual trust by Paul de Laat

(Back to index)