Securing your portal
The developer portal is essentially a content management system (CMS) based on the open source Drupal (http://www.drupal.org) project. Drupal provides a core set of features in the form of modules that make it easy for you to build the content for, as well as manage, websites.
Drupal also has many security features that you should be familiar with as you build your portal. This page does not attempt to explain all of the Drupal security features, but instead contains links to documentation on some of the most commonly used Drupal security features.
Regardless of the security features that you want to implement, make sure that you have:
Along with the security information described in the table below, you should also be familiar with Drupal's best practices for coding standards and security as described on this page: https://www.drupal.org/developing/best-practices.
|General guidelines||See this article on general Drupal security topics: https://www.drupal.org/security/secure-configuration.|
|How Drupal stores passwords||See the section "Improved hashing algorithms" on this page: https://docs.acquia.com/articles/improvements-security-drupal-7-8|
|Prevention of brute force login attacks||
See the section "Drupal 7's built-in brute force detection" on this page: https://docs.acquia.com/articles/improvements-security-drupal-7-8
If you want to view/edit this configuration in the Drupal UI, you can use the information here: https://www.drupal.org/project/flood_control
|Adding password policy enforcement||A password policy defines password complexity for user passwords. For more information, see: https://www.drupal.org/project/password_policy|
|Autologout by a configurable time||The Drupal Automated Logout module can end a user's session after a defined period of inactivity. For more information, see: https://www.drupal.org/project/autologout|
Help or comments?
- If something's not working: Ask the Apigee Community or see Apigee Support.
- If something's wrong with the docs: Send Docs Feedback
(Incorrect? Unclear? Broken link? Typo?)