The idea of creating a static HTML version of a website for production use is gaining significant traction in the industry. Doing this removes the joint attack vectors of PHP and MySQL on the site, and means there is no requirement to slavishly keep up to date with Drupal security patches. Content can still be created using Drupal in a secure non-public facing environment such as a VPC or a sandbox, then the static pages can be deployed to the production server.
My experience using layout builder in a big project. In this session, I will present why I decided to recommend to use Layout Builder, what was w risk and how we proceed with. I will show our best practices and all dead ends. If You want to build flexible and easy to use page for content managers this session is for You.
Most of us are creating unit tests every day. We often use PHPUnit for that. But are we using it properly? What can we improve, and what to avoid? How the framework has evolved over last years? What are the newest best practices and how to start follow them?
Drupal needs a modern UI for rich content creation. This fall WordPress 5 is out with the brand new Gutenberg editor, a decoupled React based editing experience. It works great! And: It's open source, so we ported it to Drupal. Combining Drupal and Gutenberg is a killer combination, empowering content authors to build rich landing pages inside a rock solid CMS framework. All Drupal project owners want to provide the best editing experience possible for their users.
A closer look at what happens from the moment Drupal receives a request for a resource, through interactions with Symfony components and eventually returning the desired response.
In this session, I'll show the most common vulnerabilities that our Drupal code can have and how we should be prepared to avoid such an insecure code to be released. The presentation covers trends in vulnerabilities, starting in general aspects then showing Drupal specific ones. I'll also speak about what we should do if we find any vulnerabilities in contributed solutions. All backgrounds are welcome from Drupal site builders to contributed projects' maintainers! Every one of you will be able to learn and improve your security awareness as being an active participant in the session.
How we use automation to increase quality, reduce cost and increase fun of development. I will talk about the processes we set up for continuous integration on all projects we maintain in Droptica.
With version 8, Drupal delivered major improvements in the way content could be cached and expired. For the first time, significant caching is possible for dynamic pages and authenticated users. However, the caching system can be complex and confusing. Developers can inadvertently negate the advantages of Drupal’s cache systems and, even worse, create security and information disclosure holes. This presentation will provide an overview of Drupal’s cache layers and will cover best practices when theme-ing and customizing Drupal to avoid common errors and to maximize performance.