This project is not covered by Drupal’s security advisory policy.

The salt module allows for Drupal passwords to be 'salted' - an internal string is appended to the password prior to storage - making them less prone to dictionary attacks, rainbow tables and the like.

This module currently stores the salted password in the database. Consequently, disabling this module or changing the salt at any time will require users with salted passwords to recover their passwords.

Furthermore, Drupal by default includes the password for newly registered users within the welcome e-mail. It is recommended that the welcome e-mail template be edited to remove this (unsalted) password. The user will be able to use the one-time login link and select his own (salted) password.

Note: Drupal7 has greatly improved password storage. This module will likely be unneeded in the future.

Project information