Security

This module adds support for mixed use of SSL and non-SSL (http and https protocols) for the 6.x branch of Domain Access.

Currently, Domain Access allows you to specify per domain whether to use http or https, and if a domain source is configured, URLs throughout that site (including form actions and so forth) use that protocol. However, if your site mixes use of both protocols (say, with SSL to protect the user login page, admin pages, or authenticated sessions in general), Domain Access does not support that configuration.

For background information, see the original issue: #758714: Allow both http and https for a given domain?

Overview

An implementation of the Content Security Policy specification.

Update Status Proxy is a module which provides a work-around for Drupal's inability to handle proxy servers, which makes getting the update status of modules impossible when your site is behind a r

Show CAPTCHA protection on selected forms after specified number of unsuccessful form submit attempts has been made.

The long name for this project could be: Static Code Analysis for Security Vulnerabilities.

Goal
From the abstract to the related project in the 2010 Google Summer of Code:
The goal of this module is to develop automated tools to assist with security reviews of Drupal module code. The tools will be built atop the grammar parser library and its code manipulation API (CMAPI). The project may also involve extending and enhancing the CMAPI to support the security review tools. The code manipulation API provides tools for traversing, searching and modifying a code snippet. This foundation should prove useful to the development of a security review engine.

Description