CiviCRM Community Forums (archive)

Just how secure can you build a CIVICRM site with DRUPAL?

One of my friends is part of a group planning to build an advocacy site dealing with several controversial issues.

The kind of site that brings out a lot anger and hostilities between parties.

Since the purpose of the site is to unify and communicate with like minded people it will be a very big target for opponets.

He said," Blogs like Wordpress aren't secure enough, and he is afraid the civicrm could get hacked as well".

Basically, he said the parties are so vehemently opposed to each other that stealing the database information and harassing individuals is not off limits.

He indicated that even the hosting company would need to somehow be anonymous as possible, along with domain info,etc.

The opponents would do everything possible to disrupt and destroy the message his site would communicate.

I kinda laughed and said, "Well we are in America and we still have freedom of speech".
.
He didn't laugh. 

He said, "Most people think their rights are protected, but it is hard to prove enough for enforcement, much less prosecution. The best course to take is to be annoymous and unknown as you and your resources can be.  When it is time for public confrontation then so be it, but support resources security is very important".

I kinda laughed and said, "This looks to be more difficult than just keeping good site security and making good backups".

That kind of talk bothers me so I told him I'd look into it.

To date this is not the kind of work I do. A controversial website on my server might not something my hosting service wants either.

This site will not not be about anything with national implications or such, it is local and statewide only.

So.. back to my original question.

Just how secure can you build a CIVICRM site with DRUPAL?

Maybe I should add, how anoymous users can be and how secure can you make the server and data.

Maybe I just need some links or a few quick ideas.