Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By simnav on
i know https is the solution but i need to prevent the password sent in clear text without https. I used encrypt submission module but that is not working in my end because for after login i have define some rule for particular users. I think that's why module is not redirected the dashboard. Please provide help to avoid this problem
Comments
Rule for particular users?
Did you use Roles and Permission or Htaccess file to achieve this?
I use Rules module in drupal
I use Rules module in drupal 7 to define some rule like after login
Try htaccess
Try to update Htaccess file for this requirement
http://www.htaccesstools.com/articles/password-protection/
should i need to upload
should i need to upload .htpasswd file? If yes then they mentioned static user test but i have a dynamic user. I am confused
Use HTTPS instead
You can either encrypt the HTTP connection via HTTPS, or there are MD5 and other hashing algorithms implemented in JavaScript that can be used client side to hash the password client side before sending it.
I am not sure why you are not using HTTPS in this situation.
We can add multiple things to avoid clear text but without HTTPS there are numerous way Hacker or any Web Advanced dev person can recover d password
I will add the https later on
I will add the https later on because now my burp software show the vulnerability of clear text. I have to remove that before move on the production server. Thats why i need client side encryption please help me which module is used for client side encryption i have tried encrypt submission but that is not working on my end.
create self signed ssl certificate
Use Self signed ssl certificate for your local environment.
Its very easy and handy for local development