Help protect the website from attackers or bad actors, by identifying, preventing, or mitigating security vulnerabilities.

Not So Fast

Do you want to allow anonymous users to comment, but also want to ensure that the email addresses they enter are THEIRS? Not So Fast creates a new column in the comment approval queue labeled "Email is verified?". When anonymous users post comments, an email is sent to the address they specify. The email contains a link which, when clicked, will register their address as being verified. Site administrators can then determine whether to approve or delete comments based on this new criterion.

Not So Fast works as an excellent spam deterrent, but also permits site administrators to keep in touch with (and keep records of) the anonymous users who post on their sites.

I am open to suggestions about future directions for this module.

Categories: Actively maintained, Under active development, Administration tools, Security

ClamAV

ClamAV

Drupal integration with the ClamAV virus scanner.

This module will verify that files uploaded to a site are not infected with a virus, and prevent infected files from being saved.

NB: The module integrates with ClamAV, it does not provide an anti-virus scanner engine.

Categories: Actively maintained, Under active development, Integrations, Media, Security

Clear saved password field

clear_password_field.png

The Problem

As a Drupal developer, it's very likely that you have saved passwords for several of your websites. This makes it easier when coming back to it after a while. However, there are several situations where this is not desirable:

  • Whenever you try to edit any user account (including yours), your password is already populating one of the fields, even though the purpose of the field is to change it
  • Whenever you want to add a new user through the admin interface, not just your password, but also your username are now populating the fields of a soon-to-be different user

As a developer, you probably have learned to deal with it. But the truth is that this is a major problem when you are developing the website for someone else. Any other user that has permissions to administer user accounts will face the same problems. Unacceptable!

The Solution

What this module does is very simple: it clears the password.

Gone are the days of manually clearing that field whenever doing the slightest change to your account. User admins don't need to worry anymore about accidentally changing their users' passwords to that of their own.

Categories: Minimally maintained, Maintenance fixes only, Security, Access control

Password reset restrict

Enables a period of time to be set to throttle how often a password reminder email can be sent to each user.

Categories: Under active development, Security, Access control

CTools HTTP Header Plugins

This module defines context and access rules plugins for CTools (and Panels) based upon values of HTTP request header elements.

Categories: Minimally maintained, Maintenance fixes only, Administration tools, Access control, Security

Ban and Unpublish

Result of an action

Invaded by spammers? The Ban and Unpublish module makes it easier to clean up after registered spammers and other problem users by implementing a bulk operation. It finds and unpublishes their damage globally.

Categories: Actively maintained, Under active development, Security, Access control

Pages

Subscribe with RSS Subscribe to RSS - Security