Email security check. Email breached? Check and take action right away!

Do you remember when we talked about how to create a password that gives you a good level of security?
Here is the link to the article https://www.unmoscerinonelweb.com/blog/password-sicura-sei-sicuro/ in case you missed it.

It is always a good idea to have a different password for every account. Why? Simple: if some cracker (a hacker with bad intentions) managed to breach a site where you are registered and obtain your password, the doors to your privacy and your security would be wide open, red carpet included.

On this site you can find out whether your email account turns out to have been breached along with the others on a site where you are registered, and which data is at risk.

Visit haveibeenpwned.com, enter your email address and cross your fingers.

If there are security problems you will be shown a report like this:

Go through the sites one by one and change the password, setting a different one for every site/portal.

Good luck.

PSSSS

Do you want an independent, offline way to store your passwords? Take a look at keepass.info.

File managed entire folder Drupal

Some information on managed and unmanaged files in Drupal

If a file sits in a folder of the web server inside the Drupal directory tree, that does not mean Drupal knows about it!

When Drupal records the presence of a file (e.g. public://myfile.pdf), it becomes a managed file.

You can turn a file into a managed file with the file_save_data function.

Luckily or unfortunately, Drupal core has no function that manages an entire directory of files, possibly recursively.

How to import a folder of files to Drupal?

I created a script to do this in a clean and easy way.

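  // Directory to scan and pattern of the files to register.
  $destination = 'public://path-to-folder';
  $regex = '/.*\.jpg$/'; // This will identify jpg files

  // file_scan_directory() recurses into subdirectories by default and returns
  // an array keyed by file URI.
  $paths = file_scan_directory($destination, $regex);
  foreach ($paths as $path => $data) {
    $realPath = drupal_realpath($path);
    $handle = fopen($realPath, 'r');
    if (!$handle) {
      // The file could not be opened for reading: report it and move on.
      dpm('ERROR');
      continue;
    }
    // Save the file over itself so that Drupal records it as a managed file.
    $file = file_save_data($handle, $path, FILE_EXISTS_REPLACE);
    fclose($handle);
    if (!$file) {
      dpm('ERROR');
    }
    else {
      dpm("YEAH!!");
      dpm($file);
    }
  }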

Note that the dpm function is provided by a contrib module: Devel.

Hint

I have used this functionality to put lots of images in the media library (made with the Media module) and make them available to editors.

Drupal 7 blocks external frame due to X-Frame-Options

As documented (https://www.drupal.org/node/2735873), the Drupal community removed the possibility of embedding a Drupal site in an external frame, to avoid clickjacking.

The problem

Basically, you cannot put an external Drupal website into an iframe anymore. If you try to embed a website with X-Frame-Options restrictions, you will get a browser console error stating something like this:

because it set ‘X-Frame-Options’ to ‘sameorigin’

This behavior comes from drupal_deliver_html_page (in common.inc), which performs the check shown below:

// By default, do not allow the site to be rendered in an iframe on another
// domain, but provide a variable to override this. If the code running for
// this page request already set the X-Frame-Options header earlier, don't
// overwrite it here.
$frame_options = variable_get('x_frame_options', 'SAMEORIGIN');
if ($frame_options && is_null(drupal_get_http_header('X-Frame-Options'))) {
  drupal_add_http_header('X-Frame-Options', $frame_options);
}

To see your Drupal website displayed inside a frame on an external website, you must change the X-Frame-Options header (or remove it).

The solution

Although the Drupal documentation (https://www.drupal.org/node/2735873) explains that you can remove the X-Frame-Options header via the page_alter, I discovered that under certain conditions this strategy does not work at all.

In my case I was able to surf the site from a frame only if I was logged in with an active session.

To achieve a better solution, my suggestion is to modify the Drupal variable x_frame_options before drupal_deliver_html_page is called.
I did this (and it works like a charm) via page_delivery_callback_alter, where I set the variable to FALSE when certain conditions are satisfied (i.e. the page is requested from a whitelisted domain).

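function MYMODULENAME_page_delivery_callback_alter(&$delivery_callback) {
  $domains = variable_get('ur_com_xframe_allowed', array('http://www.myalloweddomain.xxx/'));
  // The Referer header is optional and supplied by the client, so guard
  // against it being absent.
  $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
  // Removing the frame limitation for certain referrers.
  if (in_array($referer, $domains, TRUE)) {
    // Setting the variable to FALSE so that the header is not set later on.
    // variable_set() stores the value in the database, so it stays in effect
    // until another request changes it.
    variable_set('x_frame_options', FALSE);
  }
  else {
    // Default behavior.
    variable_set('x_frame_options', 'SAMEORIGIN');
  }
}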
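
An alternative to dropping the header based on the Referer, as an added example that is not code from the original post or from Drupal core: it publishes the allowed embedding origins in a Content-Security-Policy frame-ancestors directive, which browsers that support it enforce in place of X-Frame-Options. The variable name mymodule_frame_ancestors and the helper MYMODULENAME_clean_origins are hypothetical, and the hook is meant to replace the implementation above, not to sit beside it.

```php
<?php
// Added example: MYMODULENAME, mymodule_frame_ancestors and the helper below
// are hypothetical names, not part of Drupal core or of the original post.

/**
 * Returns the well-formed http(s) origins (scheme://host[:port]) in $origins.
 */
function MYMODULENAME_clean_origins(array $origins) {
  $clean = array();
  foreach ($origins as $origin) {
    $parts = parse_url(trim($origin));
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
      continue;
    }
    $scheme = strtolower($parts['scheme']);
    // Only plain host names pass, so nothing can inject extra directives.
    if (!in_array($scheme, array('http', 'https'), TRUE)
      || !preg_match('/^[a-z0-9.-]+$/i', $parts['host'])) {
      continue;
    }
    $port = isset($parts['port']) ? ':' . (int) $parts['port'] : '';
    $clean[] = $scheme . '://' . strtolower($parts['host']) . $port;
  }
  return array_values(array_unique($clean));
}

/**
 * Implements hook_page_delivery_callback_alter().
 */
function MYMODULENAME_page_delivery_callback_alter(&$delivery_callback) {
  $configured = (array) variable_get('mymodule_frame_ancestors',
    array('https://www.myalloweddomain.xxx'));
  $sources = array_merge(array("'self'"), MYMODULENAME_clean_origins($configured));
  // The browser compares the actual embedding page with this list, so the
  // decision does not rely on the client-supplied Referer header and the
  // response is identical for every request. Note that this call replaces
  // any Content-Security-Policy header set earlier in the request.
  drupal_add_http_header('Content-Security-Policy',
    'frame-ancestors ' . implode(' ', $sources));
  // X-Frame-Options keeps core's SAMEORIGIN default: browsers that do not
  // understand frame-ancestors fall back to it and refuse external framing.
}
```

With this approach nothing is written to the variable table at request time, and pages framed by origins outside the list stay blocked by both headers.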

Hope this helps.