Security

Overview

The Persistent Login module provides a "Remember Me" option on the user login form. Persistent Login is independent of the PHP session settings and is more secure (and user-friendly) than simply setting a long PHP session lifetime.

The 7.x version provides additional security by attempting to detect unauthorized re-use of tokens. For a detailed discussion of the design and security of Persistent Login, see Improved Persistent Login Cookie Best Practice.

Update on April 3, 2015: This module has a new maintainer (Ayesh), and now has a stable release after the SA-CONTRIB-2015. Current bugs and other issues will be addressed very soon!

Drupal does not check to ensure that the user has access to view a node referenced by a custom menu item before it displays the menu item. This module searches through the {menu} table, looks for nodes, and checks to see which nodes the user is unable to view. Those nodes are added to the the menu tree with the access attribute set to FALSE, ensuring they do not appear in menus.

Uses the Google reCAPTCHA web service to improve the CAPTCHA system. It is tough on bots and easy on humans.

reCAPTCHA is built for security. Armed with state of the art technology, it always stays at the forefront of spam and abuse fighting trends. reCAPTCHA is on guard for you, so you can rest easy.

For sites that are available via both HTTP and HTTPS, Secure Login module ensures that the user login and other forms are submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in the clear.

Secure Login module locks down not just the user/login page but also any page containing the user login block, and any other forms that you configure to be secured.

Enables custom requiring and hiding of designated modules at admin/modules. Good for Drupal distros and hosts.

A good example would be to prevent the disabling of the paranoia module, which prevents PHP from being run.

systemmask development has been sponsored by CivicSpaceLabs.org. After May 10, 2007 the module has been maintained by Robin Monks.

Overview

Captcha Riddler is a sub module of Captcha that lets site administrators create their own questions to foil automated spam bots.

Implements Project Honey Pot's http:BL service for Drupal. http:BL can prevent email address harvesters and comment spammers from visiting your site by using a centralized DNS blacklist. It requires a free Project Honey Pot membership. This module provides efficient blacklist lookups and blocks malicious visitors effectively.

http:BL has been adopted for use to enhance protection on Drupal.org.

This module adds a security layer to Drupal based on PHPIDS http://www.phpids.org.