Protecting your users from phishing with Apache rules and HSTS

Published on Thu, 2010-09-09 - 22:27

HTTP Strict Transport Security or HSTS is a new security feature in browsers that enables you tell the browser “always use SSL when accessing this site”.

Mozilla has a good blog post explaining HSTS, so I won’t try to replicate that here, but I’d just like to make it clear that if you have a site that should always use SSL, be it Drupal or Django or any other system, this is definitely something you should get…


A tip for using PostgreSQL with Drupal 6

Published on Mon, 2010-08-09 - 21:27

If you are using PostgreSQL for hosting your Drupal sites, you might have noticed a lot of warnings in your logs like these:

Aug  8 18:41:05 s002 postgres[90076]: [5-1] WARNING:  nonstandard use of \\ in a string literal at character 32
Aug  8 18:41:05 s002 postgres[90076]: [5-2] HINT:  Use the escape string syntax for backslashes, e.g., E'\\'.
Aug  8 18:41:05 s002 postgres[90076]: [6-1] WARNING:  nonstandard use of \\ in a string literal at character 122
Aug  8 18:41:05 s002 postgres[90076]:…

Attention all Drupal Git-mirror users

Published on Mon, 2009-11-09 - 19:18

A long-standing issue with the Git mirrors of Drupal's CVS has been fixed thanks to Damien Tournoud.

The problem is that CVS outputs dates in RCS tags in the somewhat nonstandard format 2009/10/19 (ISO 8601 specifies dashes, not slashes as separator). The git-cvsimport tool used for creating the mirrors, however, uses cvsps, that updates the RCS tags to use the correct format (2009-10-19). Adhering to standards is generally a good thing, but in this case…


Going to the edge with Drupal 7...

Published on Thu, 2009-08-27 - 12:01

So, my fellow Drupallers, we are only inches away from the code freeze. Are we afraid yet?

A common trend amongst Drupal developers is that we're all mostly on last years version. Many Drupal programmer blogs have only recently been upgraded to Drupal 6, or are even still running Drupal 5. Not picking on anyone in particular.

I think that's a good indicator of a problem with Drupal. Upgrading is hard, and when the very people that do Drupal 24/7…


How to create and maintain your own cache table in Drupal

Published on Tue, 2009-08-11 - 09:41

There's a lot of good documentation for how to use the caching system already set up, in particular a very nice write up by Jeff Eaton that, even though it is written for Drupal 5, I find myself looking at rather often.

If you want to set up your own caching table, however, documentation is kinda scarce – I haven't been able to find anything that covered it, but that may be due to my lack of Google skills.



Drupal debugging tip – use the logging console

Published on Wed, 2009-08-05 - 22:55

I recently ran across a feature of Drupal's devel.module that might not be all that well known, namely that it has a facility for debug logging as well as the dpm() I've advocated to my fellow developers for a long time.

That is the dd()-command which instead of logging to screen simply outputs a print_r() to a file called drupal-debug.txt in your temporary files folder (where that is depends on your site configuration, but /tmp might be a…


Introducing the Stack Overflow module for Drupal

Published on Sat, 2009-06-20 - 12:21

As an avid user of Stack Overflow (and Server Fault, to some degree), I am well pleased to announce the stackoverflow.module for Drupal.

Why do we need a module for that?

Well, the Stack Overflow team recently introduced a new feature called “flair”. This is basically a badge you can put on your blog to show your level of awesomeness on Stack Overflow (or its related site, Server Fault).

My beef with that (and the reason…


Things that should be objects in Drupal #1: Content types

Published on Mon, 2009-06-15 - 11:23

Currently, defining the simplest content type in Drupal requires ~54 lines of 100% standard boilerplate code.

The reason Object Orientation would be good here is the simple concept of inheritance.

Very simply, my 54 lines of code could be replaced by something like:

class CampaignContentType extends NodeContentType {
  // Custom functionality here.

I think I'll go see if I can help Crell with his objective somehow :)


The new spam

Published on Tue, 2009-03-31 - 14:11

I just came across a new kind of spam, very cleverly made:

Screenshot of the new kind of spam I got

It's a clever ploy, posting praise with hidden images. Only it was a bit off in my case, but if I hadn't checked the source, I'd never have known that I was in fact in the advertising business.

This particular post actually slipped through Mollom, so beware, my Mollom using friends – I've submitted this one to Mollom as spam, but beware what might have gotten through the…

Subscribe to Drupal