Menu
What kind of potential security risk it raises if I left $update_access_free = TRUE in Drupal on a production environment? In that case, everyone can run update.php. Assuming there are no updates available, what can an attacker do?
609
If left enabled, an attacker could run old updates, which in a good scenario would only bog down your site's performance, but in a worst-case scenario could result in data loss or data corruption.
88
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
