Skip to main content

An article from

Dive Brief

Popular content management system Drupal to move to HTTPS

Published Jan. 12, 2016

By

Justine Brown Contributing Editor

Dive Brief:

Last week, a researcher found several weaknesses in the update mechanism in Drupal, the popular content management system.
The lack of encryption for update downloads was the most concerning weakness as it could have led to the compromise of both the site and its database, the company said.
Developers are currently working to secure the software's update mechanism.

Dive Insight:

Drupal's security team switched its infrastructure to support Hypertext Transfer Protocol Secure (HTTPS) so update processes for the Drupal core and its modules use secure channels. The core update status module will use secure transport in the next Drupal update, the security team said.

Businesses and government agencies are increasingly shifting to HTTPS because it verifies the identity of a website or web service for a connecting client and encrypts almost all information sent between a website or service and the user.

In June, the federal government released a memo requiring all publicly accessible federal websites and web services to use HTTPS by the end of 2016.

Drupal will use HTTPS to secure its update process ComputerWorld

Filed Under: Security, Hardware & Infrastructure

CIO Dive news delivered to your inbox

Get the free daily newsletter read by industry experts

Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime.

Justin Sullivan via Getty Images

Google ties billions in revenue this year to generative AI

Alphabet CEO Sundar Pichai said underinvesting in the technology is a larger risk than overinvesting, as vendors pour resources into developing chips, models and infrastructure.

By Lindsey Wilkinson • July 24, 2024
Permission granted by Kyndryl

How Kyndryl’s ERP modernization led to an expanded SAP practice

The infrastructure services company is creating a migration playbook to guide others into the cloud, Kyndryl SVP and Global Practice Leader Michael Bradshaw said.

By Matt Ashare • July 29, 2024

CIO Dive news delivered to your inbox

Get the free daily newsletter read by industry experts

Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime.

Editors' picks

Justin Sullivan via Getty Images

Google ties billions in revenue this year to generative AI

Alphabet CEO Sundar Pichai said underinvesting in the technology is a larger risk than overinvesting, as vendors pour resources into developing chips, models and infrastructure.

By Lindsey Wilkinson • July 24, 2024
Permission granted by Kyndryl

How Kyndryl’s ERP modernization led to an expanded SAP practice

The infrastructure services company is creating a migration playbook to guide others into the cloud, Kyndryl SVP and Global Practice Leader Michael Bradshaw said.

By Matt Ashare • July 29, 2024

Latest in Security

Microsoft unveils resiliency, security enhancements following July global IT outage

By David Jones
Easterly to step down from CISA director role on Inauguration Day

By David Jones
Google Cloud to mandate MFA for all users in 2025

By Matt Kapko
Tech executives reassess IT resilience in CrowdStrike outage aftermath

By Matt Ashare

Home
- IT Strategy
- Cloud
- Security
- Big Data
- AI
- Software
- Leadership
Deep Dive
Opinion
Library
Events
Press Releases

Get CIO Dive in your inbox

The free newsletter covering the top industry headlines

Select user consent: By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at anytime.