Drupal Camp NH 2011
Just got back from a fabulous weekend Drupal Camp in NH, hosted by the NH Drupal User Group and spearheaded by Jake Strawn of Development Geeks and Michelle Lauer of Lullabot. Despite the dire snow warnings, the camp went on as scheduled (hearty New England stock!) including the after party mixer.
I couldn't get to everything, but I'll provide a brief overview of some of my favorite sessions and sessions that were well liked by other attendees.
Erich Beyrent, Hack-Proof Your Drupal App
Wow! What an eye-opening session by Erich Beyrent, currently working with Harvard University and contributor of the Drupal Permissions API among other modules. If you couldn't attend this session in person, you must, must, must check out his slides. His presentation, while drawing from examples of his own experience of hacked sites and security audits, helps developers and site managers focus on preventing common hacking threats. Here are his basic tenets:
- Accept and store raw data, filter on output with wrap functions (Hint: there are many available)
- Protect your database to prevent SQL injection and unauthorized data access
- Beware of user input by limiting comments to plain text and using the Drupal form and search APIs
- Minimize AJAX risks by recognizing that AJAX transactions are not private and by using JSONP rather than eval()
- Don't touch core
- Rule of least permissions (only grant permissions that are absolutely required)
- Use HTTPS for social websites
- Keep core and modules up to date
Everyone left the session inspired to make their sites more secure, and appreciative of learning from Erich, a good guy delivering bad news, rather than learning via the pain of a hacked site.
Drupal PHP for Designers, or PHP without Panicking
This session was the offering from us at GreenFerret. Our goal was to offer something to help designers without any development background feel less overwhelmed when perusing the PHP in Drupal's template files. We gave this talk originally at Western Mass in a different form, and then at CT. We tried to put the concepts into three contexts: the general case, PHP specific, and Drupal specific. We've gotten a good response to the content. Be sure to check out the slides.
Better Project Process
There were several sessions that offered tips on improving an overall project experience including Erik Peterson's talk on setting up a development environment, another excellent talk by Erich Beyrent on Staging Drupal, and Suzanne Kennedy of Evolving Web on the renamed Improving Your Testing Process.
Theming
There was a plethora of theming offerings from the general (Theming 101) to the specific (Reviewing the Omega Theme). Unfortunately, those folks haven't posted slides that I've found.
Etc.
The keynote on a brief history of Drupal was interesting. During the 2:15 time slot, I opted for one of the BOFs, namely the Freelancer meet-n-greet. The after party was great fun. Having met a number of the attendees during the day, I was able to chat with a number of them in depth, at least, those of us thumbing our noses at the snow building up outside.
All in all, a great event. We were all well fed. Special thanks to the key organizers, Jake and Michelle, all the terrific sponsors, Southern New Hampshire University for hosting us, and all the volunteers who helped everything run smoothly. I look forward to the links to the session recordings so I can view the sessions I missed. I also look forward to next year's event!
