Client asking about security of Drupal + Ubercart

Posts: 128
Joined: 08/12/2007
Bug Finder | Getting busy with the Ubercode.

Hello,

I'm developing an e-commerce site for a client and he needs reassurance about Drupal and Ubercart. Someone told him there might be security vulnerabilities and such, and I need help convincing him that open source doesn't mean insecure but the opposite, it means that it's being scrutinized even more than regular corporate websites.

Anyone have any tips or examples of high profile e-commerce sites that use Drupal?

Also the credit card transaction is going to be with a company called transizla, there's a module here already.

thanks

Idan

Posts: 87
Joined: 08/08/2007
Getting busy with the Ubercode. | Not Kulvik

Drupal has a pretty dedicated group of security pros who receive, verify, fix, and report bugs in their software. Over the 3 years I've used drupal, I've not personally suffered from any exploits in the software, but I also make sure to keep my modules updated.

Ubercart has security bulletins as well, and the team does a pretty good job of releasing security updates when those bulletins are released.

So basically, tell your client that as long as you keep your system updated you should 'knock-on-wood' be protected from most vulnerabilities.

There is a good list of sites using ubercart here: http://www.ubercart.org/site

Posts: 3744
Joined: 08/07/2007
Administrator | Head Code Monkey - I eat bugs.

japerry's right on. I even get e-mails about potential vulnerabilities and check them ASAP. Warner Bros. Records is one high profile company using Drupal for its artist sites, and they're rolling out Ubercart stores as quick as they can.

Posts: 128
Joined: 08/12/2007
Bug Finder | Getting busy with the Ubercode.

Do you have any links to the Warner Bros. artist websites, so I can show my client? Any key security items that are dealt with that I can let my client know about? I'm trying to reassure him and convince him that open source, and Drupal/Ubercart, are secure as anything else out there.

Idan

Posts: 950
Joined: 08/14/2007
Bug Finder | Early adopter... addicted to alphas. | Getting busy with the Ubercode.

There's also our website rifftrax.com that runs solely on Drupal now, and we sell quite a bit of stuff - nowhere near WB, I'm sure. I can't give you numbers but suffice it to say thousands of orders a day and tens of thousands of unique visitors a month. Haven't had an issue yet, knock on wood.

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

Posts: 3744
Joined: 08/07/2007
Administrator | Head Code Monkey - I eat bugs.

I'd show him the Riff Trax site, and http://www.avengedsevenfold.com is one of the WBR artist sites. Their main site is also on Drupal. Popular Science recently converted to Drupal, too.